CVE-2023-2001
First published: Wed Jun 07 2023(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <15.10.8 | |
| GitLab | <15.10.8 | |
| GitLab | >=15.11.0<15.11.7 | |
| GitLab | >=15.11.0<15.11.7 | |
| GitLab | >=16.0.0<16.0.2 | |
| GitLab | >=16.0.0<16.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-2001?
CVE-2023-2001 has been classified with high severity due to the potential for attackers to spoof protected tags.
How do I fix CVE-2023-2001?
To mitigate CVE-2023-2001, upgrade GitLab to version 15.10.8 or any version after 15.11.7 and 16.0.2.
What versions of GitLab are affected by CVE-2023-2001?
CVE-2023-2001 affects all versions of GitLab before 15.10.8, as well as 15.11.0 to 15.11.7 and 16.0.0 to 16.0.2.
What type of vulnerability is CVE-2023-2001?
CVE-2023-2001 is a spoofing vulnerability that can lead to the download of malicious code.
Can CVE-2023-2001 lead to code execution?
Yes, the spoofing in CVE-2023-2001 could potentially allow an attacker to trick victims into executing malicious code.
- agent/type
- agent/references
- agent/description
- agent/severity
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/gitlab
- canonical/gitlab
- version/gitlab/15.11.0
- version/gitlab/16.0.0