An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

Related CVEs

CVE-2023-4008

Key Information

GHSA ID

GHSA-29hm-v8p9-7mcg

Published

August 3, 2023 9:30 AM

Last Modified

April 4, 2024 6:30 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 3, 2025 6:48 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.