CVE-2023-0050
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts through specially crafted Kroki diagrams in GitLab, leading to stored cross-site scripting (XSS). When victims view these diagrams, attackers can perform arbitrary actions on their behalf, potentially compromising accounts and data. All GitLab instances running affected versions are vulnerable.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control of victim accounts, steal session tokens, exfiltrate sensitive data, modify repositories, and pivot to internal systems.
Likely Case
Session hijacking, account takeover, data theft from user sessions, and unauthorized repository modifications.
If Mitigated
With proper input validation and output encoding, the XSS payload would be neutralized, preventing script execution.
🎯 Exploit Status
Exploitation requires creating or modifying a Kroki diagram with malicious payload. Public proof-of-concept exists in HackerOne report.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.7.8, 15.8.4, or 15.9.2
Vendor Advisory: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab 15.7.8, 15.8.4, or 15.9.2 depending on your current version.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable Kroki Integration
Temporarily disable Kroki diagram rendering to prevent exploitation (run on the GitLab host; re-enable it once the patch is applied):
gitlab-rails runner "ApplicationSetting.current.update!(kroki_enabled: false)"
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to block inline scripts.
- Enable GitLab's built-in XSS protection features and review user-generated content.
🔍 How to Verify
Check if Vulnerable:
Check the running GitLab version via the admin panel or the command below; any version below the patched release for its branch is vulnerable: sudo gitlab-rake gitlab:env:info | grep 'GitLab Version'
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab Version'
Verify Fix Applied:
Confirm version is 15.7.8, 15.8.4, or 15.9.2 or higher. Test Kroki diagram functionality for script execution.
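As an added example (not part of this advisory and not GitLab's own tooling), the shell script below parses the "GitLab Version:" line from gitlab-rake gitlab:env:info output and decides whether the running release already carries the fix. It treats the three patched releases (15.7.8, 15.8.4, 15.9.2) and every later release as fixed, and anything below 15.7.8 as unpatched; that lower cutoff is an assumption drawn from the patch list above. The sample env:info output is constructed, and the "GitLab Version:" label follows the grep pattern this advisory uses; adjust the sed pattern if your instance labels the line differently.

```shell
#!/bin/sh
# Added example: offline version check for the CVE-2023-0050 fix.
# Fixed releases per the advisory: 15.7.8, 15.8.4, 15.9.2.
# Assumption: later branches (15.10+, 16.x) are fixed; anything older than 15.7.8 is unpatched.

# Pull the version number out of `gitlab-rake gitlab:env:info` output.
# Matches the "GitLab Version:" label the advisory greps for (assumed label).
parse_gitlab_version() {
    printf '%s\n' "$1" | sed -n 's/^GitLab Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 (true) when the version is at or above the fixed release for its branch.
# Accepts "15.8.3" or "15.8.3-ee"; the edition suffix is stripped before comparing.
gitlab_version_fixed() {
    ver=${1%%-*}
    case $ver in
        *[!0-9.]*|"") echo "unrecognised version string: $1" >&2; return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#"$major".}
    minor=${rest%%.*}
    rest=${rest#"$minor".}
    case $rest in
        *.*) patch=${rest%%.*} ;;
        *)   patch=${rest:-0} ;;
    esac
    case $ver in
        "$major") minor=0; patch=0 ;;   # bare major such as "16"
        "$major.$minor") patch=0 ;;     # no patch component such as "15.8"
    esac
    [ "$major" -gt 15 ] && return 0
    [ "$major" -lt 15 ] && return 1
    case "$minor" in
        7) [ "$patch" -ge 8 ] ;;
        8) [ "$patch" -ge 4 ] ;;
        9) [ "$patch" -ge 2 ] ;;
        *) [ "$minor" -ge 10 ] ;;
    esac
}

# Print a verdict for captured env:info output. Exit status: 0 fixed, 1 unpatched, 2 unparseable.
check_env_info() {
    ver=$(parse_gitlab_version "$1")
    if [ -z "$ver" ]; then
        echo "could not find a 'GitLab Version:' line in the supplied output" >&2
        return 2
    fi
    if gitlab_version_fixed "$ver"; then
        echo "GitLab $ver: fix for CVE-2023-0050 present"
        return 0
    fi
    echo "GitLab $ver: UNPATCHED, update to 15.7.8 / 15.8.4 / 15.9.2 or later"
    return 1
}

# Constructed sample standing in for real `sudo gitlab-rake gitlab:env:info` output.
SAMPLE_ENV_INFO='System information
Current User:   git
GitLab information
GitLab Version: 15.8.3-ee
GitLab Shell:   14.15.0'

# Usage: sh check_cve_2023_0050.sh --live   (queries this host via gitlab-rake)
#        sh check_cve_2023_0050.sh          (offline demo on the constructed sample)
if [ "${1:-}" = "--live" ]; then
    check_env_info "$(sudo gitlab-rake gitlab:env:info)"
else
    # 15.8.3 is below 15.8.4, so the demo reports UNPATCHED (non-zero status is expected here).
    check_env_info "$SAMPLE_ENV_INFO" || true
fi
```

The branch-aware comparison matters because a plain numeric sort would flag 15.7.8 as older than the unpatched 15.8.3; each minor branch has its own fixed patch level, which is why the script dispatches on the minor version rather than comparing whole strings.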
📡 Detection & Monitoring
Log Indicators:
- Unusual Kroki diagram creation/modification patterns
- JavaScript errors in application logs
- Suspicious user agent strings in access logs
Network Indicators:
- Unexpected outbound connections from GitLab server
- Data exfiltration patterns
SIEM Query:
source="gitlab.log" AND ("kroki" OR "diagram") AND ("script" OR "javascript" OR "onerror")
🔗 References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/387023
- https://hackerone.com/reports/1731349