CVE-2023-2030

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 12, 2024

Updated: Jan 18, 2024

CWE ID 345

Summary

CVE-2023-2030 is a vulnerability affecting GitLab CE/EE versions 12.2 to 16.7.2, including 16.5.6 and 16.6.4. This issue permits an attacker to manipulate the metadata of signed commits, posing a potential security risk. The affected versions of GitLab allow an attacker to bypass the signature verification process, enabling them to alter commit information without detection. To mitigate this vulnerability, it is recommended that users upgrade their GitLab instances to the patched versions as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uHTqJ8
https://www.cve.org/CVERecord?id=CVE-2023-2030
https://nvd.nist.gov/vuln/detail/CVE-2023-2030

Back to Vulnerability Database

CVE-2023-2030

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations