CVE-2023-0042
First published: Thu Jan 12 2023(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=11.4.0<15.5.7 | |
| GitLab | >=11.4.0<15.5.7 | |
| GitLab | >=15.6.0<15.6.4 | |
| GitLab | >=15.6.0<15.6.4 | |
| GitLab | >=15.7.0<15.7.2 | |
| GitLab | >=15.7.0<15.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-0042?
CVE-2023-0042 has been classified as a critical vulnerability.
How do I fix CVE-2023-0042?
To mitigate CVE-2023-0042, upgrade GitLab to versions 15.5.7, 15.6.4, or 15.7.2 or later.
What versions of GitLab are affected by CVE-2023-0042?
CVE-2023-0042 affects GitLab CE/EE versions starting from 11.4 up to but not including 15.5.7, 15.6 up to but not including 15.6.4, and 15.7 up to but not including 15.7.2.
What is the nature of the vulnerability in CVE-2023-0042?
CVE-2023-0042 allows GitLab Pages to redirect to arbitrary protocols, potentially leading to security breaches.
Is there a workaround for CVE-2023-0042 if I can't upgrade GitLab immediately?
Currently, the best approach is to upgrade GitLab as there are no official workarounds available for CVE-2023-0042.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.4.0
- version/gitlab/15.6.0
- version/gitlab/15.7.0