CVE-2023-2030

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2030
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2030.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2030
Aliases
Downstream
Published
2024-01-12T13:57:06.694Z
Modified
2025-12-05T00:19:54.890834Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Improper Verification of Cryptographic Signature in GitLab
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/2xxx/CVE-2023-2030.json",
    "cwe_ids": [
        "CWE-347"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
328c57b01842700127bb3d1302f5b5b967fa4442
Database specific 
{
    "versions": [
        {
            "introduced": "12.2"
        },
        {
            "fixed": "16.5.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
94991886af3e3820aa09fa353b29cf8557c93168
Fixed
1873157df5a1e602741dc5fbe790db81888baea4
Database specific 
{
    "versions": [
        {
            "introduced": "16.6"
        },
        {
            "fixed": "16.6.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9e7d34f7ff11405ece06ec398b66965d153cee6f
Fixed
847f5d82ad6aa1208a61fee603fc0e0ce1786f19
Database specific 
{
    "versions": [
        {
            "introduced": "16.7"
        },
        {
            "fixed": "16.7.2"
        }
    ]
}

Affected versions

v16.*

v16.6.0-ee
v16.6.1-ee
v16.6.2-ee
v16.7.0-ee