CVE-2023-1178

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-1178

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1178.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-1178

Aliases

BIT-gitlab-2023-1178

Downstream

UBUNTU-CVE-2023-1178

Published

2023-05-03T22:15:17Z

Modified

2025-05-31T22:08:49Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

14ad7803a5cf70e2777ac4d9ce2e33da6eb312ab

Fixed

85a92396626cc698a65afd57df80298d3439fb87