CVE-2023-6051

MEDIUM

GitLab CE/EE <16.4.4, <16.5.4, <16.6.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6051. PoCs published by hackerone_a0xnirudh.

AI-analyzed exploit summary The repository contains a deceptive backdoor.py file that prints a compromise message, indicating it is not a legitimate PoC for CVE-2023-6051. The README is a generic GitLab template with no technical details about the vulnerability.

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.

Exploits (1)

gitlab TROJAN

by hackerone_a0xnirudh · poc

https://gitlab.com/hackerone_a0xnirudh/cve-2023-6051-bypass-repro

View Code ZIP pw:eip

The repository contains a deceptive backdoor.py file that prints a compromise message, indicating it is not a legitimate PoC for CVE-2023-6051. The README is a generic GitLab template with no technical details about the vulnerability.

Classification

Trojan 95%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Unknown

No auth needed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 24, 2026 Full analysis →

References (2)

Core 2

Core References

Broken Link issue-tracking

https://gitlab.com/gitlab-org/gitlab/-/issues/431345

Permissions Required technical-description exploit permissions-required

https://hackerone.com/reports/2237165

Scores

CVSS v3 5.7

EPSS 0.0062

EPSS Percentile 44.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-94

Status published

Products (1)

gitlab/gitlab < 16.4.4 (2 CPE variants)

Published Dec 15, 2023

Tracked Since Feb 18, 2026