CVE-2023-1279

LOW

Gitlab < 16.1.5 - Open Redirect

Title source: rule

Description

An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/395437

[Permissions Required] https://hackerone.com/reports/1889230

Scores

CVSS v3 2.6

EPSS 0.0005

EPSS Percentile 13.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-601

Status published

Affected Products (4)

gitlab/gitlab < 16.1.5

gitlab/gitlab

Timeline

Published Sep 01, 2023

Tracked Since Feb 18, 2026