CVE-2023-2164 — Vulnetix

CVE-2023-2164 PUBLISHED

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.

EPSS 52.17% · 98.0th percentile

Risk Scores

EPSS Score

52.17%

98.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	16.1.0, 16.2.0, 15.9.0
Bitnami	gitlab	15.9.0, 16.1.0, 16.2.0

Exploit Intelligence

GitLab Issue #407783 (circl)
https://hackerone.com/reports/1940598 (osv)

Timeline

Aug 1, 2023 CVE Published
Aug 2, 2023 EPSS Score
Aug 2, 2023 CVE Updated
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 1, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 14, 2025 EPSS Score
May 1, 2025 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/407783 url
https://hackerone.com/reports/1940598 url
https://nvd.nist.gov/vuln/detail/CVE-2023-2164 url

Open in Interactive Console →