{"api_version":"1","generated_at":"2026-04-23T04:34:03+00:00","cve":"CVE-2023-1178","urls":{"html":"https://cve.report/CVE-2023-1178","api":"https://cve.report/api/cve/CVE-2023-1178.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1178","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1178"},"summary":{"title":"CVE-2023-1178","description":"An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.","state":"PUBLIC","assigner":"cve@gitlab.com","published_at":"2023-05-03 22:15:00","updated_at":"2023-05-09 20:53:00"},"problem_types":["CWE-94"],"metrics":[],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381815","name":"https://gitlab.com/gitlab-org/gitlab/-/issues/381815","refsource":"MISC","tags":[],"title":"Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://hackerone.com/reports/1778009","name":"https://hackerone.com/reports/1778009","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json","name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json","refsource":"CONFIRM","tags":[],"title":"2023/CVE-2023-1178.json · master · GitLab.org / cves · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1178","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1178","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Thanks [st4nly0n](https://hackerone.com/st4nly0n) for reporting this vulnerability through our HackerOne bug bounty program","lang":""}],"nvd_cpes":[{"cve_year":"2023","cve_id":"1178","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1178","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-1178","qid":"379220","title":"GitLab Multiple Security Vulnerabilities (gitlab- 15.11.1, 15.10.5, and 15.9.6)"},{"cve":"CVE-2023-1178","qid":"691159","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for gitlab (4ffcccae-e924-11ed-9c88-001b217b3468)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-1178","ASSIGNER":"cve@gitlab.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"GitLab","product":{"product_data":[{"product_name":"GitLab","version":{"version_data":[{"version_value":">=8.6, <15.9.6"},{"version_value":">=15.10, <15.10.5"},{"version_value":">=15.11, <15.11.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper control of generation of code ('code injection') in GitLab"}]}]},"references":{"reference_data":[{"name":"https://hackerone.com/reports/1778009","url":"https://hackerone.com/reports/1778009","refsource":"MISC"},{"name":"https://gitlab.com/gitlab-org/gitlab/-/issues/381815","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/381815","refsource":"MISC"},{"name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json","refsource":"CONFIRM"}]},"description":{"description_data":[{"lang":"eng","value":"An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit."}]},"impact":{"cvss":{"vectorString":"AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","version":"3.1","baseScore":5.7,"baseSeverity":"MEDIUM"}},"credit":[{"lang":"eng","value":"Thanks [st4nly0n](https://hackerone.com/st4nly0n) for reporting this vulnerability through our HackerOne bug bounty program"}]},"nvd":{"publishedDate":"2023-05-03 22:15:00","lastModifiedDate":"2023-05-09 20:53:00","problem_types":["CWE-94"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.1,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"8.6.0","versionEndExcluding":"15.9.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"8.6.0","versionEndExcluding":"15.9.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.10","versionEndExcluding":"15.10.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.10","versionEndExcluding":"15.10.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.11","versionEndExcluding":"15.11.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.11","versionEndExcluding":"15.11.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}