CVE-2023-0450

medium

Description

An issue has been discovered in GitLab affecting all versions from 8.1 to 15.8.5, from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.

References

https://hackerone.com/reports/1831547

https://gitlab.com/gitlab-org/gitlab/-/issues/388962

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json

Details

Source: Mitre, NVD

Published: 2023-04-05

Updated: 2023-04-12

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Severity: Medium