CVE-2023-5332

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:-:*:*:*

History

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-16

07 Dec 2023, 17:43

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:-:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*
First Time Hashicorp
Gitlab
Hashicorp consul
Gitlab gitlab
References () https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations - () https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations - Patch, Vendor Advisory
References () https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 - () https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 - Exploit, Issue Tracking

04 Dec 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-04 07:15

Updated : 2024-10-03 07:15


NVD link : CVE-2023-5332

Mitre link : CVE-2023-5332

CVE.ORG link : CVE-2023-5332


JSON object : View

Products Affected

hashicorp

  • consul

gitlab

  • gitlab