An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/407252 | Issue Tracking Vendor Advisory |
https://hackerone.com/reports/1929929 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
08 Oct 2024, 19:40
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/407252 - Issue Tracking, Vendor Advisory |
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-347 |
18 Jan 2024, 21:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 14:15
Updated : 2024-10-08 19:40
NVD link : CVE-2023-2030
Mitre link : CVE-2023-2030
CVE.ORG link : CVE-2023-2030
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-347
Improper Verification of Cryptographic Signature