An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
History

Wed, 13 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-01-26T01:02:58.931Z

Updated: 2024-11-13T15:00:22.845Z

Reserved: 2023-11-02T15:01:52.148Z

Link: CVE-2023-5933

cve-icon Vulnrichment

Updated: 2024-08-02T08:14:25.134Z

cve-icon NVD

Status : Analyzed

Published: 2024-01-26T01:15:08.660

Modified: 2024-01-31T20:31:37.367

Link: CVE-2023-5933

cve-icon Redhat

No data.