Improper link resolution before file access vulnerability in GitLab CE/EE - CVE-2023-22490 (dpkg)ID: oval:org.secpod.oval:def:87861 | Date: (C)2023-03-07 (M)2024-06-13 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab CE/EE 14.1 before 15.6.8, 15.7 before 15.7.7 or 15.8 before 15.8.2 and is prone to an improper link resolution before file access vulnerability. A flaw is present in the application, which fails to properly handle a specially-crafted repository. Successful exploitation allows attackers to to trick Git to use its local clone optimization even when using a non-local transport.
Product: |
gitlab-ce |
gitlab-ee |