VDB
CVE-2023-1965
CVE-2023-1965
PUBLISHED
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.
EPSS 0.23% · 45.5th percentile
Risk Scores
EPSS Score
0.23%
45.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 14.2.0, 15.10.0, 15.11.0 |
| Bitnami | gitlab | 15.10.0, 15.11.0, 14.2.0 |
Exploit Intelligence
- https://gitlab.com/gitlab-org/gitlab/-/issues/391433 (circl)
- https://hackerone.com/reports/1850046 (circl)
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json (circl)
- https://hackerone.com/reports/1923672 (bitnami)
- saml.ts (github-poc)
- saml.ts (github-poc)
- saml.ts (github-poc)
- saml.ts (github-poc)
- saml.ts (github-poc)
- saml.ts (github-poc)
…and 1 more exploits
Timeline
- May 2, 2023 CVE Published
- May 4, 2023 EPSS Score
- May 4, 2023 CVE Updated
- Jun 10, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 23, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Nov 5, 2023 EPSS Score
- Dec 12, 2023 EPSS Score
- Jan 18, 2024 EPSS Score
- Feb 24, 2024 EPSS Score
- Apr 1, 2024 EPSS Score