CVE-2023-5332
Published: 2023-12-04
Priority: P3 · 41 · high · CVSS 3.1 base score 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.74% (50.0th percentile)
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.3.0 < 16.3.5 | 16.3.5 |
| gitlab | gitlab | >= 16.4 < 16.4.1 | 16.4.1 |
| gitlab | gitlab | >= 9.5.0 < 16.2.8 | 16.2.8 |
| hashicorp | consul | < 0.9.4 | 0.9.4 |
| hashicorp | consul | — | — |
| hashicorp | consul | >= 1.0.0 < 1.0.8 | 1.0.8 |
| hashicorp | consul | >= 1.2.0 < 1.2.4 | 1.2.4 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | 8.1 | HIGH | — |
| vendor_debian | 5.9 | MEDIUM | — |
| vendor_redhat | 5.9 | MEDIUM | — |
Red Hat
consul: Command injection through script checks option
vendor_redhat · 2023-12-04 · CVSS 5.9 (MEDIUM) · CWE-77
A command injection flaw was found in Hashicorp's Consul script check configuration option. If the API is enabled and exposed through a public interface, it is possible to achieve remote code execution.
Mitigation: To mitigate this issue, the '-enable-script-checks' option must be removed to disable the vulnerable component. It is also possible to limit exploitability by using the '-enable-local-script-checks' option, which restricts the vulnerable feature to checks defined in local configuration, and/or by binding the API to a loopback interface.
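As an added example (not part of the Red Hat advisory or of Consul's own tooling), a small audit that applies the mitigation guidance above to a Consul agent configuration: it flags `enable_script_checks` combined with an HTTP API bound beyond loopback, and recognises the `enable_local_script_checks` fallback. The sample configs are constructed; the configuration keys used are real Consul agent keys.

```python
import ipaddress
import json

# Constructed sample agent configs (JSON form) for the two states the advisory
# contrasts. enable_script_checks, enable_local_script_checks, client_addr and
# addresses.http are real Consul agent configuration keys.
WEAK_CONFIG = json.dumps({
    "enable_script_checks": True,   # the -enable-script-checks option the advisory says to remove
    "client_addr": "0.0.0.0",       # HTTP API reachable from every interface
})
HARDENED_CONFIG = json.dumps({
    "enable_local_script_checks": True,   # script checks only from local config files
    "client_addr": "0.0.0.0",
    "addresses": {"http": "127.0.0.1"},   # loopback-only HTTP API overrides client_addr
})


def http_bind_addresses(cfg):
    """Addresses the HTTP API listens on: addresses.http wins over client_addr
    (Consul's default is 127.0.0.1); either may be a space-separated list."""
    raw = cfg.get("addresses", {}).get("http") or cfg.get("client_addr") or "127.0.0.1"
    return raw.split()


def loopback_only(addresses):
    """True only when every HTTP listener is provably local (loopback IP or unix
    socket). Hostnames and go-sockaddr templates cannot be proven local."""
    for addr in addresses:
        if addr.startswith("unix://"):
            continue
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return False
        except ValueError:
            return False
    return True


def audit_script_checks(config_json):
    """Classify a Consul agent config against the advisory's mitigation guidance.
    Returns (risk, finding); risk is one of 'high', 'medium', 'low', 'ok'."""
    cfg = json.loads(config_json)
    remote_checks = bool(cfg.get("enable_script_checks"))
    local_checks = bool(cfg.get("enable_local_script_checks"))
    api_local = loopback_only(http_bind_addresses(cfg))
    if remote_checks and not api_local:
        return "high", "script checks registrable via HTTP API exposed beyond loopback"
    if remote_checks:
        return "medium", "script checks registrable via HTTP API; only loopback binding limits exposure"
    if local_checks:
        return "low", "script checks limited to local configuration files"
    return "ok", "script checks disabled"
```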
GitLab
CVE-2023-5332: Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
vendor_gitlab · 2023-12-04 · CVSS 5.9 (MEDIUM)
Debian
CVE-2023-5332: consul - Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
vendor_debian · 2023 · CVSS 5.9 (MEDIUM)
Scope: local
bullseye: open
GHSA
GHSA-xcgm-v273-44cr: Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
ghsa_unreviewed · 2023-12-04 · MEDIUM
OSV
CVE-2023-5332: Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
osv · 2023-12-04 · CVSS 8.1 (HIGH)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.