CVE-2023-0155

Summary

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=15.7, <15.8.5affected
GitLabGitLab>=15.8, <15.9.4affected
GitLabGitLab>=15.9, <15.10.1affected

Weaknesses

  • Url redirection to untrusted site ('open redirect') in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References