CVE-2023-1178
CVSS 3.1: 5.7 (MEDIUM)
EPSS: 9.2%
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
How to fix CVE-2023-1178
To remediate CVE-2023-1178, upgrade the affected package to a fixed version below.
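- Bitnami/gitlab: upgrade to 15.9.6 or later (installations on the 15.10 or 15.11 lines need at least 15.10.5 or 15.11.1 respectively, per the affected ranges in the description)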
Is CVE-2023-1178 being exploited?
Moderate — EPSS is 9.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 8.6.0, < 15.9.6; >= 15.10.0, < 15.10.5; >= 15.11.0, < 15.11.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |