CVE-2023-1965

Published
View on NVD ↗
CVSS v3
6.8
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.

gitlab-org/cves
gitlab-org/cves
This project hosts the CVEs that have been assigned by GitLab in its role as a CNA. See https://about.gitlab.com/security/cve/ for more information
GitLabGitLab
22
gitlab-org/gitlab
gitlab-org/gitlab
GitLab is the open-source DevSecOps platform that provides a complete software development lifecycle toolchain including source control, CI/CD, security scanning, and project management in a single application.
GitLabGitLab
6.06K