Lucene search

K
cvelistGitLabCVELIST:CVE-2023-5933
HistoryJan 26, 2024 - 1:02 a.m.

CVE-2023-5933 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

2024-01-2601:02:58
CWE-80
GitLab
www.cve.org
cve-2023-5933
gitlab
ce
ee
input sanitization
api put requests

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

CNA Affected

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "versions": [
      {
        "version": "13.7",
        "status": "affected",
        "lessThan": "16.6.6",
        "versionType": "semver"
      },
      {
        "version": "16.7",
        "status": "affected",
        "lessThan": "16.7.4",
        "versionType": "semver"
      },
      {
        "version": "16.8",
        "status": "affected",
        "lessThan": "16.8.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%