CVE-2023-5332
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 04/12/2023
Last modified: 03/10/2024
Description
The patch in the third-party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting, the patch could be bypassed. This only affects GitLab-EE.
Impact
Base Score 3.x: 8.10
Severity 3.x: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 9.5.0 (including) | 16.2.8 (excluding) |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 16.3.0 (including) | 16.3.5 (excluding) |
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:* | | |
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* | 0.9.4 (excluding) | |
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* | 1.0.0 (including) | 1.0.8 (excluding) |
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* | 1.2.0 (including) | 1.2.4 (excluding) |
cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:-:*:*:* | | |