CVE-2023-2030
Improper Verification of Cryptographic Signature in GitLab
CVSS 3.1 base score: 5.3 (MEDIUM)
EPSS: 0.04%
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
How to fix CVE-2023-2030
To remediate CVE-2023-2030, upgrade the affected package to a fixed version below.
- Bitnami/gitlab: upgrade to 16.5.6 or later
Is CVE-2023-2030 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 12.2.0 and < 16.5.6; >= 16.6.0 and < 16.6.4; >= 16.7.0 and < 16.7.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.3) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |