CVE-2023-5332

Summary

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab9.5.0 < 16.2.8affected
GitLabGitLab16.3.0 < 16.3.5affected
GitLabGitLab16.4 < 16.4.1affected

Weaknesses

  • CWE-1395: CWE-1395: Dependency on Vulnerable Third-Party Component

ADP Enrichment

CVE Program Container

Additional References

References