CVE-2023-0450

Description

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.

How to fix CVE-2023-0450

To remediate CVE-2023-0450, upgrade the affected package to a fixed version below.

Bitnami/gitlab—upgrade to 15.8.5 or later

Is CVE-2023-0450 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 8.1.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

References (4)

WEBgitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json
WEBgitlab.com/gitlab-org/gitlab/-/issues/388962
WEBhackerone.com/reports/1831547
WEBnvd.nist.gov/vuln/detail/CVE-2023-0450