CVE-2023-5933

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 26, 2024

Updated: Jan 31, 2024

CWE ID 79

CWE ID 80

Summary

CVE-2023-5933 is a vulnerability affecting GitLab CE/EE versions 13.7 to 16.8.1. An issue with input sanitization of usernames allows attackers to execute arbitrary API PUT requests. This can lead to unauthorized changes to project settings or data. Users are advised to upgrade to the latest patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tP0-AL
https://www.cve.org/CVERecord?id=CVE-2023-5933
https://nvd.nist.gov/vuln/detail/CVE-2023-5933

Back to Vulnerability Database