x/vulndb: potential Go vuln in gitlab.com/gitlab-org/gitlab-pages: CVE-2023-0042

[GoVulnBot]

CVE-2023-0042 references gitlab.com/gitlab-org/gitlab-pages, which may be a Go module.

Description:
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-0042
• JSON: https://github.com/CVEProject/cvelist/tree/8ed13c027e7e3187e40fd0c0bc5af9d2a052f42f/2023/0xxx/CVE-2023-0042.json
• web: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/728
• web: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0042.json
• Imported by: https://pkg.go.dev/gitlab.com/gitlab-org/gitlab-pages?tab=importedby

Cross references:

• Module gitlab.com/gitlab-org/gitlab-pages appears in issue x/vulndb: potential Go vuln in "gitlab.com/gitlab-org/gitlab-pages": CVE-2018-19572 #199 NOT_GO_CODE
• Module gitlab.com/gitlab-org/gitlab-pages appears in issue x/vulndb: potential Go vuln in gitlab.com/gitlab-org/gitlab-pages: CVE-2022-1121 #415 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: gitlab.com/gitlab-org/gitlab-pages
    packages:
      - package: GitLab
description: |
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
cves:
  - CVE-2023-0042
credit: This vulnerability has been discovered internally by a GitLab team member,
    Joern Schneeweisz
references:
  - web: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/728
  - web: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0042.json

[gopherbot]

Change https://go.dev/cl/464316 mentions this issue: data/excluded: batch add excluded reports