CVE-2023-1265
First published: Wed May 03 2023(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=11.9<15.9.6 | |
| GitLab | >=15.10<15.10.5 | |
| GitLab | >=15.11<15.11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1265?
CVE-2023-1265 has been classified as a medium severity vulnerability.
How do I fix CVE-2023-1265?
To fix CVE-2023-1265, upgrade GitLab to version 15.9.6, 15.10.5, or 15.11.1 or later.
What are the potential impacts of CVE-2023-1265?
CVE-2023-1265 may allow a privileged attacker to obtain session tokens under certain conditions.
Which versions of GitLab are affected by CVE-2023-1265?
CVE-2023-1265 affects GitLab versions starting from 11.9 before 15.9.6, 15.10 before 15.10.5, and 15.11 before 15.11.1.
Is CVE-2023-1265 a local or remote vulnerability?
CVE-2023-1265 is considered a local vulnerability as it requires a privileged attacker to exploit it.
- collector/nvd-latest
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.9
- version/gitlab/15.10
- version/gitlab/15.11