CVE-2023-3906

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3906

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3906.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3906

Aliases

BIT-gitlab-2023-3906

Published

2023-09-29T07:15:13Z

Modified

2024-11-21T08:18:19Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

c5ab21eda575676ffc46b85cab3456473c0357c6

Fixed

7fc27fe692abccaed7e2e0ebfea2aadf5140593f