CVE-2023-5933

Summary

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab13.7 < 16.6.6affected
GitLabGitLab16.7 < 16.7.4affected
GitLabGitLab16.8 < 16.8.1affected

Weaknesses

  • CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References