CVE-2023-5512

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:41

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/427827 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/427827 - Broken Link
References () https://hackerone.com/reports/2194607 - Permissions Required () https://hackerone.com/reports/2194607 - Permissions Required
CVSS v2 : unknown
v3 : 5.7
v2 : unknown
v3 : 4.8

19 Dec 2023, 22:56

Type Values Removed Values Added
CWE CWE-94
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.7
References () https://gitlab.com/gitlab-org/gitlab/-/issues/427827 - () https://gitlab.com/gitlab-org/gitlab/-/issues/427827 - Broken Link
References () https://hackerone.com/reports/2194607 - () https://hackerone.com/reports/2194607 - Permissions Required

15 Dec 2023, 16:53

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-15 16:15

Updated : 2024-11-21 08:41


NVD link : CVE-2023-5512

Mitre link : CVE-2023-5512

CVE.ORG link : CVE-2023-5512


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')