Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-5332HistoryDec 04, 2023 - 7:15 a.m.
CVE-2023-5332
2023-12-0407:15:07
Debian Security Bug Tracker
security-tracker.debian.org
16
consul library
enable-script-checks
bypass
gitlab-ee
unix
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
5.6
Confidence
High
EPSS
0.001
Percentile
48.2%
Patch in third party library Consul requires ‘enable-script-checks’ to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | consul | <= 1.8.7+dfsg1-2 | consul_1.8.7+dfsg1-2_all.deb |
Related
cvelist
cvelist
CVE-2023-5332 Configuration in GitLab
2023-12-04 06:30:33
cve
cve
CVE-2023-5332
2023-12-04 07:15:07
prion
prion
Code injection
2023-12-04 07:15:00
redhatcve
redhatcve
CVE-2023-5332
2023-12-05 05:42:43
nessus
nessus
GitLab 9.5.0 < 16.2.8 / 16.3.0 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-5332)
2023-10-12 00:00:00
osv
osv
BIT-gitlab-2023-5332
2024-03-06 10:56:56
CVE-2023-5332
2023-12-04 07:15:07
BIT-consul-2023-5332
2024-03-06 10:50:58
nvd
nvd
CVE-2023-5332
2023-12-04 07:15:07
ubuntucve
ubuntucve
CVE-2023-5332
2023-12-04 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
5.6
Confidence
High
EPSS
0.001
Percentile
48.2%
Related for DEBIANCVE:CVE-2023-5332