Home > Vulnerability Database > CVE-2023-1965

Mend.io Vulnerability Database

CVE-2023-1965

Good to know:

Date: May 2, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.

Language: Ruby

Severity Score

6.8

Related Resources (5)

Url: https://hackerone.com/reports/1923672

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/406235

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1965

Url: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json

Url: https://www.mend.io/vulnerability-database/CVE-2023-1965

Severity Score

6.8

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version v15.9.6,v15.10.5,v15.11.1

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1965

Good to know:

Date: May 2, 2023

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?