First published: Thu Aug 03 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab CE/EE | >=15.9.0 <16.0.8 | Upgrade to 16.0.8 or later |
GitLab CE/EE | >=16.1 <16.1.3 | Upgrade to 16.1.3 or later |
GitLab CE/EE | >=16.2 <16.2.2 | Upgrade to 16.2.2 or later |
Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above.
CVE-2023-4008 is an issue discovered in GitLab CE/EE that allows for takeover of GitLab Pages with unique domain URLs if the random string added is known.
All versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2 are affected.
CVE-2023-4008 has a severity rating of 9.8 (Critical).
To fix CVE-2023-4008, update GitLab CE/EE to 16.0.8, 16.1.3 or 16.2.2 (or a later release in the respective line).
You can find more information about CVE-2023-4008 on the GitLab issue page: https://gitlab.com/gitlab-org/gitlab/-/issues/415942
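As an added example (not part of the advisory and not GitLab's own tooling), the following Python checks whether a running GitLab version falls inside the affected ranges stated above and names the minimum fixed release for its line. The version strings in the demo are constructed samples in the shape GitLab reports them (e.g. the `version` field of `GET /api/v4/version`, which carries an `-ee` suffix on Enterprise Edition).

```python
import re

# Affected ranges (>= lower, < upper) and their fixed releases, taken from the advisory.
AFFECTED_RANGES = [
    ((15, 9, 0), (16, 0, 8)),
    ((16, 1, 0), (16, 1, 3)),
    ((16, 2, 0), (16, 2, 2)),
]


def parse_version(text):
    """Turn a GitLab version string such as '16.1.2-ee' or 'v16.2'
    into a comparable (major, minor, patch) tuple; suffixes are ignored."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def affected_range(version):
    """Return the (lower, upper) range containing `version`, or None."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if lower <= v < upper:
            return lower, upper
    return None


def is_affected(version):
    return affected_range(version) is not None


def fixed_version(version):
    """Minimum release in the same line that closes CVE-2023-4008,
    or None when the version is not in an affected range."""
    rng = affected_range(version)
    return None if rng is None else ".".join(str(n) for n in rng[1])


def assess(version):
    """One-line verdict for a single instance."""
    if is_affected(version):
        return f"{version}: affected by CVE-2023-4008, upgrade to {fixed_version(version)} or later"
    return f"{version}: not in an affected range"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real instance.
    for sample in ["15.8.5-ee", "15.9.0", "16.0.7-ee", "16.0.8", "16.1.2", "16.2.2-ee", "16.3.0"]:
        print(assess(sample))
```

Release lines older than 15.9 and newer than 16.2 are reported as not affected because the advisory does not list them; they should still be kept on a supported release.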