CVE-2023-5933
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
5.4
MEDIUM
CVSS 3.1
EPSS 10.4%
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 13.7 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1. Improper input sanitization of the user name allows arbitrary API PUT requests to be issued in the context of a user who views the crafted name (a stored XSS, per the CWE classification above).
How to fix CVE-2023-5933
To remediate CVE-2023-5933, upgrade the affected package to the fixed release for the branch you run. Note that 16.6.6 is not a universal floor: a 16.7.x instance is still vulnerable until 16.7.4, and 16.8.0 until 16.8.1.
- Bitnami/gitlab: upgrade to 16.6.6, 16.7.4 or 16.8.1 (or a later release on the respective branch)
Is CVE-2023-5933 being exploited?
Moderate. EPSS is 10.4%, i.e. an estimated 10.4% probability of exploitation activity in the wild within the next 30 days. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- >= 13.7.0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |