{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3385", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-06-23T10:15:05.337Z", "datePublished": "2023-08-01T23:35:55.776Z", "dateUpdated": "2024-09-18T13:09:46.886Z"}, "containers": {"cna": {"title": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html)."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "8.10", "status": "affected", "lessThan": "16.0.8", "versionType": "semver"}, {"version": "16.1.0", "status": "affected", "lessThan": "16.1.3", "versionType": "semver"}, {"version": "16.2.0", "status": "affected", "lessThan": "16.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416161", "name": "GitLab Issue #416161", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2032730", "name": "HackerOne Bug Bounty Report #2032730", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."}], "credits": [{"lang": "en", "value": "Thanks [ubercomp](https://hackerone.com/ubercomp) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:04:35.184Z"}}, "adp": [{"affected": [{"vendor": "gitlab", "product": "gitlab", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.10", "status": "affected", "lessThan": "16.0.8", "versionType": "custom"}, {"version": "16.1.0", "status": "affected", "lessThan": "16.1.3", "versionType": "custom"}, {"version": "16.2.0", "status": "affected", "lessThan": "16.2.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T13:39:50.321710Z", "id": "CVE-2023-3385", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T13:09:46.886Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.047Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416161", "name": "GitLab Issue #416161", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2032730", "name": "HackerOne Bug Bounty Report #2032730", "tags": ["technical-description", "exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416161", "name": "GitLab Issue #416161", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2032730", "name": "HackerOne Bug Bounty Report #2032730", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.047Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3385", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-24T13:39:50.321710Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "vendor": "gitlab", "product": "gitlab", "versions": [{"status": "affected", "version": "8.10", "lessThan": "16.0.8", "versionType": "custom"}, {"status": "affected", "version": "16.1.0", "lessThan": "16.1.3", "versionType": "custom"}, {"status": "affected", "version": "16.2.0", "lessThan": "16.2.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T13:40:59.817Z"}}], "cna": {"title": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [ubercomp](https://hackerone.com/ubercomp) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "8.10", "lessThan": "16.0.8", "versionType": "semver"}, {"status": "affected", "version": "16.1.0", "lessThan": "16.1.3", "versionType": "semver"}, {"status": "affected", "version": "16.2.0", "lessThan": "16.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416161", "name": "GitLab Issue #416161", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2032730", "name": "HackerOne Bug Bounty Report #2032730", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:04:35.184Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3385", "state": "PUBLISHED", "dateUpdated": "2024-09-18T13:09:46.886Z", "dateReserved": "2023-06-23T10:15:05.337Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-08-01T23:35:55.776Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "464745AD-160C-49DD-926D-50839EAEB751", "versionEndExcluding": "16.0.8", "versionStartIncluding": "8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "42A815DE-E4CE-471C-9C2F-E75EF5F6E276", "versionEndExcluding": "16.0.8", "versionStartIncluding": "8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F", "versionEndExcluding": "16.1.3", "versionStartIncluding": "16.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990", "versionEndExcluding": "16.1.3", "versionStartIncluding": "16.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A", "versionEndExcluding": "16.2.2", "versionStartIncluding": "16.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED", "versionEndExcluding": "16.2.2", "versionStartIncluding": "16.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html)."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab que afecta a todas las versiones a partir de la 8.10 antes de la 16.0.8, todas las versiones a partir de la 16.1 antes de la 16.1.3, todas las versiones a partir de la 16.2 antes de la 16.2.2. En determinadas circunstancias, un usuario que importaba un proyecto \"desde exportaci\u00f3n\" pod\u00eda acceder a archivos no relacionados y leerlos mediante la carga de un archivo especialmente dise\u00f1ado. Esto se deb\u00eda a un error en `tar`, corregido en [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html).\n"}], "id": "CVE-2023-3385", "lastModified": "2023-08-04T19:19:04.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-08-02T00:15:18.690", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416161"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2032730"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "cve@gitlab.com", "type": "Secondary"}]}

{"bugzilla": {"description": "gitlab: tar utility causes importing a project access to read unauthorized files", "id": "2228523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228523"}, "csaw": false, "details": ["An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html)."], "name": "CVE-2023-3385", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3385\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3385\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/416161\nhttps://hackerone.com/reports/2032730"], "statement": "The GitLab package used in OpenShift is a GitLab API NodeJS library which is not affected by CVE-2023-3385.", "threat_severity": "Moderate", "upstream_fix": "gitlab 16.0.8, gitlab 16.1.3, gitlab 16.2.2"}