CVE-2023-6051

Summary

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab0 < 16.4.4affected
GitLabGitLab16.5 < 16.5.4affected
GitLabGitLab16.6 < 16.6.2affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References