CVE-2023-5332: Configuration in GitLab
First published: Mon Dec 04 2023(Updated: )
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gitlab Gitlab | >=9.5.0<16.2.8 | |
| Gitlab Gitlab | >=16.3.0<16.3.5 | |
| Gitlab Gitlab | =16.4.0 | |
| HashiCorp Consul | <0.9.4 | |
| HashiCorp Consul | >=1.0.0<1.0.8 | |
| HashiCorp Consul | >=1.2.0<1.2.4 | |
| HashiCorp Consul | =1.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-5332?
CVE-2023-5332 is a vulnerability in GitLab that affects versions 9.5.0 to 16.2.8 and versions 16.3.0 to 16.3.5 of GitLab-EE.
What is the severity of CVE-2023-5332?
CVE-2023-5332 has a severity rating of 8.1 (high).
How does CVE-2023-5332 affect GitLab?
CVE-2023-5332 affects GitLab-EE versions 9.5.0 to 16.2.8 and versions 16.3.0 to 16.3.5. It requires the 'enable-script-checks' setting in the third-party library Consul to be set to False.
Which versions of Consul are affected by CVE-2023-5332?
CVE-2023-5332 affects Consul versions up to 0.9.4 and versions 1.0.0 to 1.0.8, and versions 1.2.0 to 1.2.4.
How can I mitigate the CVE-2023-5332 vulnerability?
To mitigate the CVE-2023-5332 vulnerability, set the 'enable-script-checks' setting in Consul to False. Refer to the vendor's patch for more details.
- collector/mitre-cve
- collector/nvd-api
- vendor/gitlab
- canonical/gitlab gitlab
- version/gitlab gitlab/9.5.0
- version/gitlab gitlab/16.3.0
- version/gitlab gitlab/16.4.0
- vendor/hashicorp
- canonical/hashicorp consul
- version/hashicorp consul/1.0.0
- version/hashicorp consul/1.2.0
- version/hashicorp consul/1.1.0