Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2023-2181

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.

  • Published: May 12, 2023
  • Updated: May 27, 2023
  • CVE: CVE-2023-2181
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Software From Fixed in
gitlab / gitlab 15.11.0 15.11.3
gitlab / gitlab 15.10.0 15.10.7
gitlab / gitlab - 15.9.8