CVE-2023-6195: SSRF
First published: Fri Jan 31 2025(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Community Edition | >=15.5<16.9.7>=16.10<16.10.5>=16.11<16.11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6195?
CVE-2023-6195 is classified as a high severity vulnerability due to its potential for Server Side Request Forgery.
How do I fix CVE-2023-6195?
To fix CVE-2023-6195, upgrade GitLab CE/EE to versions 16.9.7, 16.10.5, or 16.11.2 or later.
What versions of GitLab are affected by CVE-2023-6195?
CVE-2023-6195 affects GitLab versions starting from 15.5 up to 16.9.7 and versions from 16.10 to just before 16.10.5 and 16.11 to just before 16.11.2.
What type of vulnerability is CVE-2023-6195?
CVE-2023-6195 is a Server Side Request Forgery (SSRF) vulnerability.
Can CVE-2023-6195 be exploited remotely?
Yes, CVE-2023-6195 can be exploited remotely if an attacker sends a malicious URL in the markdown image.
- agent/first-publish-date
- agent/type
- agent/description
- agent/severity
- agent/references
- agent/author
- agent/source
- agent/weakness
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab community edition