PT-2025-1562 · Gitlab · Gitlab Ce/Ee

Imreradon · Published 2023-11-12 · Updated 2025-08-05 · CVE-2023-6195

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 15.5 through 16.9.7
GitLab CE/EE versions 16.10 through 16.10.5
GitLab CE/EE versions 16.11 through 16.11.2
Description
GitLab CE/EE is affected by a Server-Side Request Forgery (SSRF) vulnerability. An attacker can exploit it by supplying a malicious URL as the markdown image value when importing a GitHub repository. Because the server does not sufficiently validate the resulting request, a remote attacker can cause the GitLab instance to issue server-side requests on the attacker's behalf.

Recommendations
For GitLab CE/EE versions 15.5 through 16.9.7, update to version 16.9.7 or later.
For GitLab CE/EE versions 16.10 through 16.10.5, update to version 16.10.5 or later.
For GitLab CE/EE versions 16.11 through 16.11.2, update to version 16.11.2 or later.
As a temporary workaround, consider restricting the use of markdown image values when importing GitHub repositories until a patch is available.

Related Identifiers

BDU:2025-01576
BIT-GITLAB-2023-6195
CVE-2023-6195

Affected Products

Gitlab Ce/Ee