CVE-2023-5933 - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.8.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.8.0::::enterprise:::

No data.

References

Link	Providers
https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/430236
https://hackerone.com/reports/2225710

History

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab::::::::

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-01-26T01:02:58.931Z

Updated: 2024-09-18T04:08:15.195Z

Reserved: 2023-11-02T15:01:52.148Z

Link: CVE-2023-5933

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-26T01:15:08.660

Modified: 2024-01-31T20:31:37.367

Link: CVE-2023-5933

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5933", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-11-02T15:01:52.148Z", "datePublished": "2024-01-26T01:02:58.931Z", "dateUpdated": "2024-09-18T04:08:15.195Z"}, "containers": {"cna": {"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "13.7", "status": "affected", "lessThan": "16.6.6", "versionType": "semver"}, {"version": "16.7", "status": "affected", "lessThan": "16.7.4", "versionType": "semver"}, {"version": "16.8", "status": "affected", "lessThan": "16.8.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "cweId": "CWE-80", "type": "CWE"}]}], "references": [{"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236", "name": "GitLab Issue #430236", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2225710", "name": "HackerOne Bug Bounty Report #2225710", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above."}], "credits": [{"lang": "en", "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:08:15.195Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.134Z"}, "title": "CVE Program Container", "references": [{"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236", "name": "GitLab Issue #430236", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2225710", "name": "HackerOne Bug Bounty Report #2225710", "tags": ["technical-description", "exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "CB08E85C-E128-44D4-B9B7-2A58790D72C5", "versionEndExcluding": "16.6.6", "versionStartIncluding": "13.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "31BFE094-EDFE-447F-AC01-9D18E1375383", "versionEndExcluding": "16.6.6", "versionStartIncluding": "13.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "0F871342-EDE9-49F2-8081-04651A16CD6E", "versionEndExcluding": "16.7.4", "versionStartIncluding": "16.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9A9ED476-FBE7-4022-AE16-18386E73AA59", "versionEndExcluding": "16.7.4", "versionStartIncluding": "16.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:community:*:*:*", "matchCriteriaId": "246D6584-64A7-44AC-A279-ECA58E5ED1FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E591D495-7397-4DA2-A643-477B2E35A915", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones posteriores a 13.7 anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. La sanitizaci\u00f3n inadecuada de la entrada del nombre de usuario permite solicitudes PUT de API arbitrarias."}], "id": "CVE-2023-5933", "lastModified": "2024-01-31T20:31:37.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2024-01-26T01:15:08.660", "references": [{"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2225710"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-80"}], "source": "cve@gitlab.com", "type": "Secondary"}]}