GitLab Vulnerability: Ambiguous Branch Name Social Engineering

CVE-2023-0450 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.

Learn more about our Social Engineering.