CVE-2023-2030

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
References
Link Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/407252 Issue Tracking Vendor Advisory
https://hackerone.com/reports/1929929 Permissions Required
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*

History

08 Oct 2024, 19:40

Type Values Removed Values Added
CWE CWE-345
References () https://gitlab.com/gitlab-org/gitlab/-/issues/407252 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/407252 - Issue Tracking, Vendor Advisory

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-347

18 Jan 2024, 21:18

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-12 14:15

Updated : 2024-10-08 19:40


NVD link : CVE-2023-2030

Mitre link : CVE-2023-2030

CVE.ORG link : CVE-2023-2030


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-347

Improper Verification of Cryptographic Signature