Vulnerability Details : CVE-2023-0450
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.
Products affected by CVE-2023-0450
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:community:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0450
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0450
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.7
|
LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |
1.2
|
2.5
|
GitLab Inc. | |
4.6
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
2.1
|
2.5
|
NIST |
References for CVE-2023-0450
-
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json
2023/CVE-2023-0450.json · master · GitLab.org / cves · GitLabVendor Advisory
-
https://hackerone.com/reports/1831547
HackerOnePermissions Required
Jump to