Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2013

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Published

2023-06-07T17:15:10.030

Last Modified

2025-01-07T17:15:13.710

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.6 (LOW)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-1021

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 15.10.8	Yes
Application	gitlab	gitlab	< 15.10.8	Yes
Application	gitlab	gitlab	< 15.11.7	Yes
Application	gitlab	gitlab	< 15.11.7	Yes
Application	gitlab	gitlab	< 16.0.2	Yes
Application	gitlab	gitlab	< 16.0.2	Yes

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab/-/issues/406844 Broken Link ([email protected])
https://hackerone.com/reports/1940441 Permissions Required, Third Party Advisory ([email protected])
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/406844 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1940441 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/406844 Broken Link (134c704f-9b21-4f2e-91b3-4a467353bcc0)