CVE-2023-1265

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.

CVSS v3 4.5 MEDIUM

4.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json	Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/394960	Broken Link
https://hackerone.com/reports/1888690	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::

History

09 May 2023, 20:37

Type	Values Removed	Values Added
References	~~(MISC) https://hackerone.com/reports/1888690 -~~	(MISC) https://hackerone.com/reports/1888690 - Permissions Required
References	~~(CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json -~~	(CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json - Third Party Advisory
References	~~(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/394960 -~~	(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/394960 - Broken Link
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.5
CWE		CWE-384
CPE		cpe:2.3:a:gitlab:gitlab::::::::
First Time		Gitlab Gitlab gitlab

03 May 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-03 21:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-1265

Mitre link : CVE-2023-1265

CVE.ORG link : CVE-2023-1265

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-384

Session Fixation

{"id": "CVE-2023-1265", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.0}]}, "published": "2023-05-03T21:15:17.307", "references": [{"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json", "tags": ["Third Party Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394960", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/1888690", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance."}], "lastModified": "2023-05-09T20:37:57.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A26A6860-E64D-44E7-BFCC-DBD19A6501C2", "versionEndExcluding": "15.9.6", "versionStartIncluding": "11.9"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF774F65-31C6-4F4A-8979-57D1568757E2", "versionEndExcluding": "15.10.5", "versionStartIncluding": "15.10"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "324922C6-938D-42CA-BA80-8BEEB29DAEC0", "versionEndExcluding": "15.11.1", "versionStartIncluding": "15.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}