First published: Wed May 03 2023
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=8.6.0 <15.9.6 | |
GitLab GitLab | >=15.10 <15.10.5 | |
GitLab GitLab | >=15.11 <15.11.1 | |
CVE-2023-1178 is an issue discovered in GitLab CE/EE that affects multiple versions of the software. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
CVE-2023-1178 affects all versions of GitLab CE/EE from 8.6 before 15.9.6, versions starting from 15.10 before 15.10.5, and versions starting from 15.11 before 15.11.1.
CVE-2023-1178 has a severity rating of 5.7, which is considered medium.
To fix CVE-2023-1178, update GitLab CE/EE to version 15.9.6 if you are running a version prior to 15.9.6, to version 15.10.5 if you are running a version starting from 15.10, or to version 15.11.1 if you are running a version starting from 15.11.
You can find more information about CVE-2023-1178 in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/381815, the GitLab CVE repository at https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json, and the related HackerOne report at https://hackerone.com/reports/1778009.