cve/2023/CVE-2023-1265.md

### [CVE-2023-1265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1265)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control%20in%20GitLab&color=brighgreen)

### Description

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.

### POC

#### Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/394960

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-1265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1265)`
			`![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control%20in%20GitLab&color=brighgreen)`

			`### Description`

			`An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.`

			`### POC`

			`#### Reference`
			`- https://gitlab.com/gitlab-org/gitlab/-/issues/394960`

			`#### Github`
			`No PoCs found on GitHub currently.`