Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2023-6033

HistoryDec 01, 2023 - 7:15 a.m.

CVE-2023-6033

2023-12-0107:15:13

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-6033

gitlab ce/ee

version 15.10

version 16.6.1

version 16.5.3

version 16.4.3

javascript execution

jira integration config

unix

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim’s browser.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab< 16.4.4+ds2-2gitlab_16.4.4+ds2-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	< 16.4.4+ds2-2	gitlab_16.4.4+ds2-2_all.deb

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

Related for DEBIANCVE:CVE-2023-6033