Back

CVE-2023-7045

May 23, 2024, 11:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

GitLab CE/EE

  • 13.11 - 16.10.5
  • 16.11 - 16.11.2
  • 17.0 - 17.0.0

Source

cve@gitlab.com

Tags

CWE-352
cve@gitlab.com
2024-05-23
CVE-2023-7045

CVE-2023-7045 details

Published : May 23, 2024, 11:15 a.m.
Last Modified : May 23, 2024, 11:15 a.m.

Description

A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).

CVSS Score

1 2 3 4 5.4 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

URL Source
https://gitlab.com/gitlab-org/gitlab/-/issues/436358 cve@gitlab.com
https://hackerone.com/reports/2286823 cve@gitlab.com
This website uses the NVD API, but is not approved or certified by it.