First published: Fri Dec 01 2023(Updated: )
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
Gitlab Gitlab | <16.4.3 | |
Gitlab Gitlab | <16.4.3 | |
Gitlab Gitlab | >=16.5.0<16.5.3 | |
Gitlab Gitlab | >=16.5.0<16.5.3 | |
Gitlab Gitlab | =16.6.0 | |
Gitlab Gitlab | =16.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-5226 is a vulnerability in GitLab that allows a malicious actor to bypass branch checks and execute code injection.
All versions before 16.4.3, versions starting from 16.5 before 16.5.3, and versions starting from 16.6 before 16.6.1 are affected by CVE-2023-5226.
A malicious actor can bypass prohibited branch checks using a specially crafted branch name to manipulate code execution.
CVE-2023-5226 has a severity rating of 7.5 (High).
Yes, you can find more information about CVE-2023-5226 at the following links: [GitLab issue](https://gitlab.com/gitlab-org/gitlab/-/issues/426400) and [HackerOne report](https://hackerone.com/reports/2173053).