CVE-2023-6195 is a Server-Side Request Forgery (SSRF) vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). During a GitHub repository import, markdown image values taken from the imported content are used to fetch the referenced images, so an attacker who can place a crafted URL in an image value of the repository being imported can make the GitLab server issue a request to an internal or external resource of their choosing. Affected versions are 15.5 before 16.9.7, 16.10 before 16.10.5 and 16.11 before 16.11.2; the fix ships in 16.9.7, 16.10.5 and 16.11.2.
Successful exploitation lets an attacker perform Server-Side Request Forgery from the GitLab server: the instance is induced to issue requests, from its own network position, to internal services or to external hosts the attacker controls. The issue is rated LOW severity, but SSRF of this kind can still be used to map the internal network and to reach HTTP services that are not exposed to the internet, such as internal APIs or admin interfaces, with a chance of exposing sensitive data. The blast radius is limited to the GitLab instance itself and whatever internal resources are reachable from it.
CVE-2023-6195 was publicly disclosed on January 30, 2025. There is no indication of active exploitation at this time, no public proof-of-concept (PoC) code has been released, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 2.6 reflects its limited impact and the conditions an attacker must meet to exploit it.
Organizations running GitLab CE/EE 15.5 before 16.9.7, 16.10 before 16.10.5 or 16.11 before 16.11.2 are exposed, particularly those that import GitHub repositories from sources they do not control. Teams relying on GitLab for code management and collaboration should schedule the upgrade to close this SSRF vulnerability.
• linux / server: confirm the installed version rather than grepping logs for "ssrf", which is not a string GitLab logs. On Omnibus installs `sudo gitlab-rake gitlab:env:info` prints the version, and `/opt/gitlab/version-manifest.txt` records the installed package. GitHub importer activity is written to `/var/log/gitlab/gitlab-rails/importer.log` on Omnibus; review it for imports of untrusted repositories during the exposure window.
• generic web: the version is available to an authenticated user from the REST API: `curl -H "PRIVATE-TOKEN: <token>" https://<gitlab_url>/api/v4/version`. There is no meaningful external probe for this issue, because the vulnerable request is the one the server makes outbound during an import, not an inbound request to GitLab.
• ruby: when auditing importer code, find where markdown image URLs taken from imported content are turned into outbound requests, and confirm each URL passes through GitLab's outbound-request blocking (the `Gitlab::UrlBlocker` checks) rather than a bare `URI.parse` followed by a fetch.
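Added example, not code from this page or from GitLab: a Ruby check that applies the three affected ranges stated above to a version string as Omnibus reports it (for instance `16.10.4-ee`). The `-ee`/`-ce.0` suffix handling and the `Version:` line shape of the constructed `gitlab-rake gitlab:env:info` excerpt are assumptions about that output.

```ruby
# Added example, not GitLab's own code: classify a GitLab version against the
# affected ranges for CVE-2023-6195 given on this page:
#   >= 15.5  and < 16.9.7
#   >= 16.10 and < 16.10.5
#   >= 16.11 and < 16.11.2
require 'rubygems'

AFFECTED_RANGES_CVE_2023_6195 = [
  ['15.5',  '16.9.7'],
  ['16.10', '16.10.5'],
  ['16.11', '16.11.2'],
].map { |lo, hi| [Gem::Version.new(lo), Gem::Version.new(hi)] }.freeze

# Omnibus reports versions as "16.10.4-ee", "16.9.6-ce.0" and similar (assumed
# formats); keep only the leading dotted numeric part for comparison so the
# edition suffix cannot skew the ordering.
def normalize_gitlab_version(raw)
  m = raw.to_s.strip.match(/\A(\d+(?:\.\d+){1,2})/)
  raise ArgumentError, "unrecognised GitLab version: #{raw.inspect}" unless m
  Gem::Version.new(m[1])
end

# True when the version falls inside any affected branch range. A version on a
# fixed release (16.9.7, 16.10.5, 16.11.2) or later on that branch is not affected.
def affected_by_cve_2023_6195?(raw)
  v = normalize_gitlab_version(raw)
  AFFECTED_RANGES_CVE_2023_6195.any? { |lo, hi| v >= lo && v < hi }
end

# Pull the version out of `gitlab-rake gitlab:env:info` output. The
# "Version:<whitespace>16.10.4-ee" line shape is an assumption about that command.
def version_from_env_info(text)
  line = text.lines.find { |l| l.start_with?('Version:') }
  raise ArgumentError, 'no Version: line found' unless line
  line.split(':', 2).last.strip
end

# Constructed excerpt, not captured from a real instance.
SAMPLE_ENV_INFO = <<~TXT
  System information
  System:         Ubuntu 22.04
  GitLab information
  Version:        16.10.4-ee
  Revision:       0123abcd
TXT

if __FILE__ == $PROGRAM_NAME
  v = version_from_env_info(SAMPLE_ENV_INFO)
  puts "#{v}: #{affected_by_cve_2023_6195?(v) ? 'AFFECTED' : 'not affected'}"
end
```

Branch-aware comparison matters here: a plain "less than 16.11.2" test would wrongly flag 16.10.5 and 16.9.7, both of which carry the fix.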
EPSS: 0.05% (17th percentile)
The primary mitigation for CVE-2023-6195 is to upgrade GitLab CE/EE to 16.9.7, 16.10.5 or 16.11.2, or a later release on the same branch. If an immediate upgrade is not feasible, reduce exposure by limiting who can run GitHub imports (GitHub can be removed from the allowed import sources in the Admin Area settings) and by restricting egress from the GitLab host so it cannot reach internal services or cloud metadata endpoints. A WAF in front of GitLab is not an effective control here: it inspects inbound requests, while the vulnerable request is the one the server makes outbound during the import. Review GitLab's security documentation for further hardening recommendations. After upgrading, confirm the fix by importing a test repository whose markdown image points at a listener you control on an internal address and verifying that no request arrives.
Update GitLab to 16.9.7, 16.10.5 or 16.11.2, or a later version containing the SSRF fix. This prevents an attacker from exploiting the issue through a malicious URL in a markdown image while importing a GitHub repository.
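Added example, not code from this page or from GitLab, illustrating the kind of outbound-URL check that has to sit between a markdown image value pulled from imported content and the HTTP fetch of that image (the "stricter input validation" the mitigation above refers to). Scheme, embedded credentials and every resolved address are checked before any request is made. The `STUB_RESOLVER` mapping and `SAMPLE_MARKDOWN` are constructed so the example runs offline; the denied-network list is a common SSRF deny list, not GitLab's.

```ruby
# Added example, not GitLab's own code: validate markdown image URLs from
# imported content before an importer is allowed to fetch them.
require 'uri'
require 'ipaddr'
require 'socket'

# Networks an importer should never reach: loopback, link-local (which
# includes cloud metadata at 169.254.169.254), RFC 1918, CGNAT, IPv6 ULA.
DENIED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Real resolver: getaddrinfo(3) also interprets short forms such as
# "2130706433" or "127.1" the same way the HTTP client's connect() would.
DEFAULT_RESOLVER = lambda do |host|
  begin
    Socket.getaddrinfo(host, nil).map { |entry| entry[3] }.uniq
  rescue SocketError
    []
  end
end

# Offline stub for the demo (constructed mapping, no network access).
STUB_RESOLVER = lambda do |host|
  { 'example.com' => ['93.184.216.34'],
    'localhost'   => ['127.0.0.1', '::1'],
    'rebind.test' => ['93.184.216.34', '10.0.0.5'] }.fetch(host, [])
end

# Minimal markdown image extraction: ![alt](url "title") and ![alt](<url>).
def extract_image_urls(markdown)
  markdown.scan(/!\[[^\]]*\]\(\s*<?([^)\s>]+)/).flatten
end

# IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped so it hits the IPv4 ranges.
def denied_address?(addr)
  addr = addr.native if addr.ipv6? && addr.ipv4_mapped?
  DENIED_RANGES.any? { |r| r.family == addr.family && r.include?(addr) }
end

# An IP literal is used as-is; a name is resolved and every address is kept,
# so a host that returns one public and one private address is still caught.
def resolve_all(host, resolver)
  [IPAddr.new(host)]
rescue IPAddr::InvalidAddressError
  resolver.call(host).map { |a| IPAddr.new(a) }
end

# Returns [:allowed, addresses] or [:rejected, reason]; never makes an HTTP request.
def check_image_url(raw, resolver: DEFAULT_RESOLVER)
  uri = URI.parse(raw)
  return [:rejected, "scheme #{uri.scheme.inspect}"] unless %w[http https].include?(uri.scheme)
  host = uri.hostname.to_s
  return [:rejected, 'empty host'] if host.empty?
  return [:rejected, 'userinfo in URL'] if uri.userinfo
  addrs = resolve_all(host, resolver)
  return [:rejected, 'unresolvable host'] if addrs.empty?
  bad = addrs.find { |a| denied_address?(a) }
  return [:rejected, "resolves to #{bad}"] if bad
  [:allowed, addrs.map(&:to_s)]
rescue URI::InvalidURIError, IPAddr::InvalidAddressError => e
  [:rejected, "unparseable (#{e.class})"]
end

def check_markdown_images(markdown, resolver: DEFAULT_RESOLVER)
  extract_image_urls(markdown).to_h { |u| [u, check_image_url(u, resolver: resolver)] }
end

# Constructed markdown body, as might appear in an imported issue or README.
SAMPLE_MARKDOWN = <<~MD
  ![logo](https://example.com/logo.png)
  ![meta](http://169.254.169.254/latest/meta-data/)
  ![local](http://localhost:8080/admin)
  ![v6](http://[::1]/)
  ![file](file:///etc/passwd)
  ![split](http://rebind.test/a.png)
MD

if __FILE__ == $PROGRAM_NAME
  check_markdown_images(SAMPLE_MARKDOWN, resolver: STUB_RESOLVER).each do |url, (verdict, why)|
    puts format('%-8s %-45s %s', verdict, url, why)
  end
end
```

Two caveats a real importer must also handle: the address that was validated is the one the client must connect to (otherwise a second DNS lookup at connect time reopens the door to rebinding), and every redirect hop has to be re-checked with the same function, since an allowed public host can 302 to an internal address. GitLab's own `Gitlab::UrlBlocker` performs checks of this nature; the code above is a simplified stand-in, not that implementation.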
CVE-2023-6195 is a Server-Side Request Forgery vulnerability in GitLab CE/EE affecting 15.5 before 16.9.7, 16.10 before 16.10.5 and 16.11 before 16.11.2. It allows an attacker to trigger unintended requests from the GitLab server via malicious URLs in markdown image values during GitHub repository imports.
You are affected if you are running GitLab CE/EE 15.5 before 16.9.7, 16.10 before 16.10.5, or 16.11 before 16.11.2. Upgrade to 16.9.7, 16.10.5 or 16.11.2 (or later on that branch) to resolve the issue.
Upgrade GitLab CE/EE to 16.9.7, 16.10.5 or 16.11.2 or later. Until then, restrict who can run GitHub imports and limit egress from the GitLab host to internal networks as a temporary workaround.
There is currently no indication of active exploitation of CVE-2023-6195.
Refer to the official GitLab security advisory for CVE-2023-6195: [https://gitlab.com/security/advisories/CVE-2023-6195](https://gitlab.com/security/advisories/CVE-2023-6195)