CVE-2023-6051

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-6051

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6051.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6051

Aliases

BIT-gitlab-2023-6051

Downstream

UBUNTU-CVE-2023-6051

Published

2023-12-15T16:02:50.265Z

Modified

2026-04-10T05:07:15.444049Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper Control of Generation of Code ('Code Injection') in GitLab

Details

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6051.json",
    "cwe_ids": [
        "CWE-94"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

Fixed

67af793e55bd098111d3c3e265cd2c92eb283f1c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.4.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

fc87c9d4cca1536abcf902b4128f5c2004d87162

Fixed

e61024519bb5cc50876f66ccd646ffb4f362cb9f

Database specific

{
    "versions": [
        {
            "introduced": "16.5"
        },
        {
            "fixed": "16.5.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

94991886af3e3820aa09fa353b29cf8557c93168

Fixed

fddcadf1869c436c104fcc477884a0c17c2b3c70

Database specific

{
    "versions": [
        {
            "introduced": "16.6"
        },
        {
            "fixed": "16.6.2"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v16.*

v16.4.0-ee

v16.4.0-rc42-ee

v16.4.0-rc43-ee

v16.5.0-ee

v16.5.2-ee

v16.6.0-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6051.json"