CVE-2023-5933 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Gitlab

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

3.8%

top 11.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJan 26

Description

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5gitlab/gitlab13.7 — 16.6.6+2

▶NVDgitlab/gitlab13.7.0 — 16.6.6+2

▶debiandebian/gitlab< gitlab 16.6.6-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-84m5-rqxq-483p: An issue has been discovered in GitLab CE/EE affecting all versions after 13↗2024-01-26

▶

OSV

CVE-2023-5933: An issue has been discovered in GitLab CE/EE affecting all versions after 13↗2024-01-26

▶

📋Vendor Advisories

GitLab

CVE-2023-5933: An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper↗2024-01-26

▶

Debian

CVE-2023-5933: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 b...↗2023

▶