1 changes (1 new | 0 updated):
      - 1 new CVEs:  CVE-2023-6195
      - 0 updated CVEs:
cvelistV5 Github Action committed Jan 30, 2025
1 parent ad17c15 commit 18ba2e5
Showing 3 changed files with 149 additions and 18 deletions.
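--- a/cves/2023/6xxx/CVE-2023-6195.json
+++ b/cves/2023/6xxx/CVE-2023-6195.json
@@ -0,0 +1,129 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2023-6195",
+"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
+"state": "PUBLISHED",
+"assignerShortName": "GitLab",
+"dateReserved": "2023-11-17T20:01:11.807Z",
+"datePublished": "2025-01-30T23:45:10.780Z",
+"dateUpdated": "2025-01-30T23:45:10.780Z"
+},
+"containers": {
+"cna": {
+"title": "Server-Side Request Forgery (SSRF) in GitLab",
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository."
+}
+],
+"affected": [
+{
+"vendor": "GitLab",
+"product": "GitLab",
+"repo": "git://[email protected]:gitlab-org/gitlab.git",
+"cpes": [
+"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+],
+"versions": [
+{
+"version": "15.5",
+"status": "affected",
+"lessThan": "16.9.7",
+"versionType": "semver"
+},
+{
+"version": "16.10",
+"status": "affected",
+"lessThan": "16.10.5",
+"versionType": "semver"
+},
+{
+"version": "16.11",
+"status": "affected",
+"lessThan": "16.11.2",
+"versionType": "semver"
+}
+],
+"defaultStatus": "unaffected"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"lang": "en",
+"description": "CWE-918: Server-Side Request Forgery (SSRF)",
+"cweId": "CWE-918",
+"type": "CWE"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/432276",
+"name": "GitLab Issue #432276",
+"tags": [
+"issue-tracking",
+"permissions-required"
+]
+},
+{
+"url": "https://hackerone.com/reports/2249268",
+"name": "HackerOne Bug Bounty Report #2249268",
+"tags": [
+"technical-description",
+"exploit",
+"permissions-required"
+]
+}
+],
+"metrics": [
+{
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+],
+"cvssV3_1": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 2.6,
+"baseSeverity": "LOW"
+}
+}
+],
+"solutions": [
+{
+"lang": "en",
+"value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above."
+}
+],
+"credits": [
+{
+"lang": "en",
+"value": "Thanks [imrerad](https://hackerone.com/imrerad) for reporting this vulnerability through our HackerOne bug bounty program",
+"type": "finder"
+}
+],
+"providerMetadata": {
+"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
+"shortName": "GitLab",
+"dateUpdated": "2025-01-30T23:45:10.780Z"
+}
+}
+}
+}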
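Review bot: The three `versions` entries declare `"versionType": "semver"` but give two-component lower bounds (`"15.5"`, `"16.10"`, `"16.11"`), which are not valid semantic versions; a strict semver comparator in a matching tool may reject or mis-order them, so `"version": "15.5.0"` (and likewise `16.10.0` and `16.11.0`) would be safer. The single entry in `cpes` wildcards the version field, so a CPE-only matcher would flag every GitLab release, patched ones included; consumers should rely on the `versions` ranges with `"defaultStatus": "unaffected"` instead. The `repo` value as shown on this page is also not a well-formed URI, though that may be an artefact of how the page was captured.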
24 changes: 6 additions & 18 deletions cves/delta.json
@@ -1,24 +1,12 @@
{
"fetchTime": "2025-01-30T23:45:06.311Z",
"numberOfChanges": 3,
"fetchTime": "2025-01-30T23:51:04.613Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2024-1211",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1211",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1211.json",
"dateUpdated": "2025-01-30T23:45:00.772Z"
},
{
"cveId": "CVE-2024-23970",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-23970",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/23xxx/CVE-2024-23970.json",
"dateUpdated": "2025-01-30T23:40:49.963Z"
},
{
"cveId": "CVE-2024-23971",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-23971",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/23xxx/CVE-2024-23971.json",
"dateUpdated": "2025-01-30T23:42:57.796Z"
"cveId": "CVE-2023-6195",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-6195",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/6xxx/CVE-2023-6195.json",
"dateUpdated": "2025-01-30T23:45:10.780Z"
}
],
"updated": [],
14 changes: 14 additions & 0 deletions cves/deltaLog.json
@@ -1,4 +1,18 @@
[
{
"fetchTime": "2025-01-30T23:51:04.613Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2023-6195",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-6195",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/6xxx/CVE-2023-6195.json",
"dateUpdated": "2025-01-30T23:45:10.780Z"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2025-01-30T23:45:06.311Z",
"numberOfChanges": 3,