Published: 29/04/2023 Updated: 08/05/2023

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 0

GitLab::API::v4 up to and including 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gitlab\\ \\ api\\

Debian Bug report logs - #954051 ibgitlab-api-v4-perl: CVE-2023-31485 Package: libgitlab-api-v4-perl; Maintainer for libgitlab-api-v4-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Source for libgitlab-api-v4-perl is src:libgitlab-api-v4-perl (PTS, buildd, popcon) Reported by: Felix Lechner <fel ...

CWE-295 https://github.com/bluefeet/GitLab-API-v4/pull/57 https://www.openwall.com/lists/oss-security/2023/04/18/14 https://github.com/chansen/p5-http-tiny/pull/151 https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/http://www.openwall.com/lists/oss-security/2023/04/29/1 http://www.openwall.com/lists/oss-security/2023/05/03/3 http://www.openwall.com/lists/oss-security/2023/05/03/5 http://www.openwall.com/lists/oss-security/2023/05/07/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954051 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-31485

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect