VDB
CVE-2023-5226
CVE-2023-5226
PUBLISHED
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI.
EPSS 0.11% · 28.7th percentile
Risk Scores
EPSS Score
0.11%
28.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 0, 16.5.0, 16.6.0 |
| Bitnami | gitlab | 16.6.0, 16.5.0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-5226 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-5226 (circl-sighting)
- GitLab Issue #426400 (circl)
- https://hackerone.com/reports/2173053 (osv)
Timeline
- Jan 21, 1970 Security Advisory
- Nov 30, 2023 CVE Published
- Dec 1, 2023 EPSS Score
- Dec 21, 2023 PoC Published
- Dec 31, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
- Feb 28, 2024 EPSS Score
- Mar 29, 2024 EPSS Score
- Apr 27, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jun 26, 2024 EPSS Score
- Jul 25, 2024 EPSS Score