CVE-2023-2030

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab12.2 < 16.5.6affected
GitLabGitLab16.6 < 16.6.4affected
GitLabGitLab16.7 < 16.7.2affected

Weaknesses

  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References