CVE-2023-0756

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0756

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0756.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-0756

Aliases

BIT-gitlab-2023-0756

Downstream

UBUNTU-CVE-2023-0756

Published

2023-05-03T00:00:00Z

Modified

2026-05-18T05:55:20.418617914Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0756.json",
    "cna_assigner": "GitLab"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4dce6bc3728f63bc9086ff3088cda7527f6f0bec

Fixed

59859b264764a06096c15459ea93f581515f112e

Affected versions

v15.*

v15.11.0-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0756.json"