Lucene search
HistoryJan 26, 2024 - 1:15 a.m.
CVE-2023-5933
gitlab
vulnerability
input sanitization
api
put requests
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.2
Confidence
High
EPSS
0.002
Percentile
60.0%
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
Affected configurations
Node
gitlabgitlabRange13.7.0–16.6.6community
ORgitlabgitlabRange13.7.0–16.6.6enterprise
ORgitlabgitlabRange16.7.0–16.7.4community
ORgitlabgitlabRange16.7.0–16.7.4enterprise
ORgitlabgitlabMatch16.8.0community
ORgitlabgitlabMatch16.8.0enterprise
Related
cve
cve
CVE-2023-5933
2024-01-26 01:15:08
debiancve
debiancve
CVE-2023-5933
2024-01-26 01:15:08
cvelist
cvelist
osv
osv
BIT-gitlab-2023-5933
2024-03-06 10:55:55
CVE-2023-5933
2024-01-26 01:15:08
ubuntucve
ubuntucve
CVE-2023-5933
2024-01-26 00:00:00
prion
prion
Input validation
2024-01-26 01:15:00
veracode
veracode
Cross-site Scripting
2024-02-01 19:48:04
nessus
nessus
GitLab 13.7 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2023-5933)
2024-01-25 00:00:00
FreeBSD : Gitlab -- vulnerabilities (61fe903b-bc2e-11ee-b06e-001b217b3468)
2024-01-27 00:00:00
freebsd
freebsd
Gitlab -- vulnerabilities
2024-01-25 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.2
Confidence
High
EPSS
0.002
Percentile
60.0%
Related for NVD:CVE-2023-5933