Lucene search
HistoryDec 04, 2023 - 7:15 a.m.
CVE-2023-5332
patch
consul library
gitlab-ee
security bypass
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
48.3%
Patch in third party library Consul requires ‘enable-script-checks’ to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Affected configurations
Node
gitlabgitlabRange9.5.0–16.2.8enterprise
ORgitlabgitlabRange16.3.0–16.3.5enterprise
ORgitlabgitlabMatch16.4.0enterprise
Node
hashicorpconsulRange<0.9.4-
ORhashicorpconsulRange1.0.0–1.0.8-
ORhashicorpconsulRange1.2.0–1.2.4-
ORhashicorpconsulMatch1.1.0-
Related
cvelist
cvelist
CVE-2023-5332 Configuration in GitLab
2023-12-04 06:30:33
cve
cve
CVE-2023-5332
2023-12-04 07:15:07
debiancve
debiancve
CVE-2023-5332
2023-12-04 07:15:07
prion
prion
Code injection
2023-12-04 07:15:00
redhatcve
redhatcve
CVE-2023-5332
2023-12-05 05:42:43
osv
osv
BIT-gitlab-2023-5332
2024-03-06 10:56:56
CVE-2023-5332
2023-12-04 07:15:07
BIT-consul-2023-5332
2024-03-06 10:50:58
nessus
nessus
GitLab 9.5.0 < 16.2.8 / 16.3.0 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-5332)
2023-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2023-5332
2023-12-04 00:00:00
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
48.3%
Related for NVD:CVE-2023-5332