BIT-gitlab-2023-1265

BIT-gitlab-2023-1265 PUBLISHED CVSS 4.5 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.

Risk Scores

CVSS 3.1

4.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	11.9.0, 15.10.0, 15.11.0

Exploit Intelligence

https://hackerone.com/reports/1888690 (osv)

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json url
https://gitlab.com/gitlab-org/gitlab/-/issues/394960 url
https://hackerone.com/reports/1888690 url
https://nvd.nist.gov/vuln/detail/CVE-2023-1265 url

Open in Interactive Console →