CVE-2023-6680 — HIGH (7.4) — White Hats Nepal

Q: How severe is CVE-2023-6680?

CVE-2023-6680 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-6680?

Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.

Vulnerability Description

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Gitlab	Gitlab	>= 11.6, < 16.4.4

Related Weaknesses (CWE)

CWE-295

References

https://gitlab.com/gitlab-org/gitlab/-/issues/421607Broken Link
https://gitlab.com/gitlab-org/gitlab/-/issues/421607Broken Link

FAQ

What is CVE-2023-6680?

CVE-2023-6680 is a vulnerability with a CVSS score of 7.4 (HIGH). An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to...

How severe is CVE-2023-6680?

CVE-2023-6680 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6680?

Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.