CVE-2023-3906

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/419213	Broken Link
https://hackerone.com/reports/2071411	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.4.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.4.0::::enterprise:::

History

No history.

Information

Published : 2023-09-29 07:15

Updated : 2023-10-02 19:42

NVD link : CVE-2023-3906

Mitre link : CVE-2023-3906

CVE.ORG link : CVE-2023-3906

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1333

Inefficient Regular Expression Complexity

CWE-20

Improper Input Validation

{"id": "CVE-2023-3906", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2023-09-29T07:15:13.233", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419213", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2071411", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1333"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy."}, {"lang": "es", "value": "Un problema de validaci\u00f3n de entrada en el proxy de activos en GitLab EE, que afect\u00f3 a todas las versiones desde 12.3 anterior a 16.2.8, 16.3 anterior a 16.3.5 y 16.4 anterior a 16.4.1, permiti\u00f3 a un atacante autenticado crear URL de im\u00e1genes que omit\u00edan el activo apoderado."}], "lastModified": "2023-10-02T19:42:18.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "8C9F0162-43D7-44C5-BC3D-85ACC3272FAB", "versionEndExcluding": "16.2.8", "versionStartIncluding": "12.3"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CA3C9D7F-FD61-4C19-9FB2-DEEA44B931F3", "versionEndExcluding": "16.2.8", "versionStartIncluding": "12.3"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "50271B2B-7070-4ED0-AB68-65B99D44A68A", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B5D4FDD1-7A68-4245-A4D5-842E4FD03FAE"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}