CVE-2023-2001

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-2001
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2001.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2001
Aliases
Downstream
Published
2023-06-07T00:00:00Z
Modified
2026-02-18T03:01:06.401723Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/2xxx/CVE-2023-2001.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
4dce6bc3728f63bc9086ff3088cda7527f6f0bec
Fixed
a81364cc950ad7396dbe403a87bb398d52ca9994
Database specific 
{
    "versions": [
        {
            "introduced": "15.11"
        },
        {
            "fixed": "15.11.7"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
280a09dbca836a6eedf5da1e63953fe8da44bf4c
Fixed
a1daac1686c9dad556b2fa9324f107fb72eae066
Database specific 
{
    "versions": [
        {
            "introduced": "16.0"
        },
        {
            "fixed": "16.0.2"
        }
    ]
}

Affected versions

v15.*
v15.11.0-ee
v15.11.1-ee
v15.11.2-ee
v15.11.3-ee
v15.11.4-ee
v15.11.5-ee
v15.11.6-ee
v16.*
v16.0.0-ee
v16.0.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2001.json"