CVE-2023-3401

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 2, 2023

Updated: Aug 4, 2023

CWE ID 94

Summary

CVE-2023-3401 is a newly disclosed vulnerability in GitLab that puts all versions before 16.0.8, as well as specific versions in the 16.1 and 16.2 series, at risk. Malicious actors can exploit this issue by creating a repository with a specific name in the main branch, gaining the ability to create new repositories with malicious code. This vulnerability could potentially lead to unauthorized repository creation and code injection in affected GitLab instances. Users are urged to upgrade to the latest version, 16.2.2 or later, to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rydw9s
https://www.cve.org/CVERecord?id=CVE-2023-3401
https://nvd.nist.gov/vuln/detail/CVE-2023-3401

Back to Vulnerability Database

CVE-2023-3401

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations