Vulnerability CVE-2023-0050 - Russian Vulnerability Scanner Database

Scores

EPSS

0.783medium78.3%

0%20%40%60%80%100%

Percentile: 78.3%

CVSS

5.4medium3.x

0246810

CVSS Score: 5.4/10

All CVSS Scores

CVSS 3.x

5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.

Sources

anchore_overridesdebiannvdubuntu

CWEs

CWE-79

Vulnerable Software (6)

Type: Configuration

Operating System:

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",          "versionEndExcluding": "15.7.8",          "versionStartIncluding": "1...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",          "versionEndExcluding": "15.7.8",          "versionStartIncluding": "13.7"        },        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",          "versionEndExcluding": "15.8.4",          "versionStartIncluding": "15.8"        },        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",          "versionEndExcluding": "15.9.2",          "versionStartIncluding": "15.9"        }      ],      "negate": false,      "operator": "OR"    }  ],  "operator": "OR"}

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",          "versionEndExcluding": "15.7.8",          "versionStartInclu...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",          "versionEndExcluding": "15.7.8",          "versionStartIncluding": "13.7"        },        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",          "versionEndExcluding": "15.8.4",          "versionStartIncluding": "15.8"        },        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",          "versionEndExcluding": "15.9.2",          "versionStartIncluding": "15.9"        }      ],      "negate": false,      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*",          "versionEndExcluding": "15.7.8",          "versionStartIncluding": "13.7"        },        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*",          "versionEndExcluding": "15.8.4",          "versionStartIncluding": "15.8"        },        {          "cpe23uri": "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*",          "versionEndExcluding": "15.9.2",          "versionStartIncluding": "15.9"        }      ],      "negate": false,      "operator": "OR"    }  ],  "operator": "OR"}

Source: anchore_overrides

Type: Configuration

Product: gitlab

Operating System: ubuntu trusty 14.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: gitlab

Operating System: ubuntu xenial 16.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: gitlab

Operating System: debian

Trait:

{  "fixed": "15.10.8+ds1-2"}

Source: debian

Type: Configuration

Vendor: gitlab

Product: gitlab

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",      "versionEndExcluding": "15.7.8",      "versionStartIncluding": "13.7",      "vulnerable": true   ...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",      "versionEndExcluding": "15.7.8",      "versionStartIncluding": "13.7",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",      "versionEndExcluding": "15.7.8",      "versionStartIncluding": "13.7",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",      "versionEndExcluding": "15.8.4",      "versionStartIncluding": "15.8",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",      "versionEndExcluding": "15.8.4",      "versionStartIncluding": "15.8",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",      "versionEndExcluding": "15.9.2",      "versionStartIncluding": "15.9",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",      "versionEndExcluding": "15.9.2",      "versionStartIncluding": "15.9",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2023-0050

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Vulnerable Software (6)