CVE-2023-6195

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6195

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6195.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6195

Aliases

BIT-gitlab-2023-6195

Downstream

UBUNTU-CVE-2023-6195

Published

2025-01-31T00:15:08Z

Modified

2025-08-06T11:48:24Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

af0fced4dd2e767d361f2bdc0732be15ad2c1026

Fixed

6878f253b7b50c8e6217ebfd03717b5e5ea960a4