CVE-2023-31485

CVSS V2 None CVSS V3 None
Description
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
Overview
  • CVE ID
  • CVE-2023-31485
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Received
  • Published Version
  • 2023-04-29T00:15:09
  • Last Modified Date
  • 2023-04-29T00:15:09
References
Reference URL Reference Tags
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
https://github.com/bluefeet/GitLab-API-v4/pull/57
https://github.com/chansen/p5-http-tiny/pull/151
https://www.openwall.com/lists/oss-security/2023/04/18/14
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-31485
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31485
History
Created Old Value New Value Data Type Notes
2023-04-29 01:01:11 Added to TrackCVE