Vulnerability Description
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
CVSS Score
6.4
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 13.7.0, < 16.6.6 |
Related Weaknesses (CWE)
References
- https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16Vendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/430236Broken Link
- https://hackerone.com/reports/2225710Permissions Required
- https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16Vendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/430236Broken Link
- https://hackerone.com/reports/2225710Permissions Required
FAQ
What is CVE-2023-5933?
CVE-2023-5933 is a vulnerability with a CVSS score of 6.4 (MEDIUM). An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary ...
How severe is CVE-2023-5933?
CVE-2023-5933 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5933?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.