CVE-2023-31485

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-31485

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31485.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-31485

Downstream

DEBIAN-CVE-2023-31485

UBUNTU-CVE-2023-31485

Published

2023-04-29T00:15:09.043Z

Modified

2025-11-20T12:17:30.146717Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

References

Affected packages

Git / github.com/bluefeet/gitlab-api-v4

Affected ranges

Type: GIT
Repo: https://github.com/bluefeet/gitlab-api-v4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

57c85825c929ee7b6610f4ee81ca04c739d037c2

Affected versions

0.*

0.01

0.02

0.03

0.04

0.05

0.06

0.07

0.08

0.09

0.10

0.11

0.12

0.13

0.14

0.15

0.16

0.17

0.18

0.19

0.20

0.21

0.22

0.23

0.24

0.25

0.26