Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveGitLabCVE-2023-5332
HistoryDec 04, 2023 - 7:15 a.m.

CVE-2023-5332

2023-12-0407:15:07
CWE-16
GitLab
web.nvd.nist.gov
49
cve-2023-5332
patch
third party library
consul
enable-script-checks
vendor
bypass
gitlab-ee
nvd

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

Patch in third party library Consul requires ‘enable-script-checks’ to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

Affected configurations

Nvd
Vulners
Node
gitlabgitlabRange9.5.016.2.8enterprise
OR
gitlabgitlabRange16.3.016.3.5enterprise
OR
gitlabgitlabMatch16.4.0enterprise
Node
hashicorpconsulRange<0.9.4-
OR
hashicorpconsulRange1.0.01.0.8-
OR
hashicorpconsulRange1.2.01.2.4-
OR
hashicorpconsulMatch1.1.0-
VendorProductVersionCPE
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
gitlabgitlab16.4.0cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*
hashicorpconsul*cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
hashicorpconsul1.1.0cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:-:*:*:*

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "16.2.8",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.3.5",
        "status": "affected",
        "version": "16.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.4.1",
        "status": "affected",
        "version": "16.4",
        "versionType": "semver"
      }
    ]
  }
]

Related

cvelist 1
prion 1
redhatcve 1
nessus 1
osv 3
debiancve 1
nvd 1
ubuntucve 1
cvelist
cvelist
CVE-2023-5332 Configuration in GitLab
2023-12-04 06:30:33
prion
prion
Code injection
2023-12-04 07:15:00
redhatcve
redhatcve
CVE-2023-5332
2023-12-05 05:42:43
nessus
nessus
GitLab 9.5.0 < 16.2.8 / 16.3.0 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-5332)
2023-10-12 00:00:00
osv
osv
BIT-gitlab-2023-5332
2024-03-06 10:56:56
CVE-2023-5332
2023-12-04 07:15:07
BIT-consul-2023-5332
2024-03-06 10:50:58
debiancve
debiancve
CVE-2023-5332
2023-12-04 07:15:07
nvd
nvd
CVE-2023-5332
2023-12-04 07:15:07
ubuntucve
ubuntucve
CVE-2023-5332
2023-12-04 00:00:00

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON
Related for CVE-2023-5332
cvelist1prion1redhatcve1nessus1osv3debiancve1nvd1ubuntucve1