CVE-2023-1965: 
GitLab vulnerability analysis and mitigation

An issue was discovered in GitLab Enterprise Edition (EE) affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, and all versions starting from 15.11 before 15.11.1. The vulnerability relates to a lack of verification on the RelayState parameter in SAML authentication, which could allow maliciously crafted URLs to obtain access tokens granted for 3rd party Group SAML SSO logins (GitLab Security Release).

The vulnerability stems from insufficient validation of the RelayState parameter in SAML authentication flows. This security flaw has been assigned a CVSS v3.1 score of 6.8 (Medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N. The SAML feature affected by this vulnerability is not enabled by default (GitLab Security Release).

If exploited, this vulnerability could allow an attacker to obtain access tokens granted for 3rd party Group SAML SSO logins. This could potentially lead to unauthorized access to user accounts and sensitive information. The vulnerability specifically affects installations using SAML single sign-on authentication (GitLab Security Release).

GitLab has addressed this vulnerability in versions 15.9.6, 15.10.5, and 15.11.1. Users are strongly recommended to upgrade to these or later versions immediately. As a temporary workaround, administrators should ensure the RelayState setting on the identity provider side is set to a valid URL (GitLab Security Release).