CVE-2023-1965

An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json	Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/406235	Broken Link
https://hackerone.com/reports/1923672	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

09 May 2023, 20:36

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~(CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json -~~	(CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json - Third Party Advisory
References	~~(MISC) https://hackerone.com/reports/1923672 -~~	(MISC) https://hackerone.com/reports/1923672 - Permissions Required
References	~~(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/406235 -~~	(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/406235 - Broken Link
CWE		CWE-352
First Time		Gitlab Gitlab gitlab

03 May 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-03 21:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-1965

Mitre link : CVE-2023-1965

CVE.ORG link : CVE-2023-1965

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2023-1965", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}]}, "published": "2023-05-03T21:15:18.220", "references": [{"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json", "tags": ["Third Party Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406235", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/1923672", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default."}], "lastModified": "2023-05-09T20:36:14.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "25ED245F-8280-4467-A6C1-33F5CA94AC72", "versionEndExcluding": "15.9.6", "versionStartIncluding": "14.2"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4A0D75F4-8D11-4C69-B761-3312B5CDFCE2", "versionEndExcluding": "15.10.5", "versionStartIncluding": "15.10"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E7B0DA1F-87DA-411A-8C20-3BF410B6EDB8", "versionEndExcluding": "15.11.1", "versionStartIncluding": "15.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}