CVE-2023-2030

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-2030

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2030.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-2030

Aliases

BIT-gitlab-2023-2030

Related

UBUNTU-CVE-2023-2030

Published

2024-01-12T14:15:47Z

Modified

2025-03-20T17:00:53Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

30032e00da906361c553a1eef4ffcd13378b43ee

Fixed

328c57b01842700127bb3d1302f5b5b967fa4442