CVE-2023-1708

Summary

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=1.0, <15.8.5affected
GitLabGitLab>=15.9, <15.9.4affected
GitLabGitLab>=15.10, <15.10.1affected

Weaknesses

  • Improper control of generation of code ('code injection') in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References