CVE-2023-5933

MEDIUM5.4EPSS 10.4%

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

Published: 3/6/2024Modified: 5/20/2025

Description

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

Affected packages (1)

Bitnami/gitlab>= 13.7.0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (4)

WEBhttps://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
WEBhttps://gitlab.com/gitlab-org/gitlab/-/issues/430236
WEBhttps://hackerone.com/reports/2225710
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-5933