GitLab EE Consul enable-script-checks Bypass
CVE-2023-5332 Published on December 4, 2023
Dependency on Vulnerable Third-Party Component in GitLab
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Vulnerability Analysis
CVE-2023-5332 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Products Associated with CVE-2023-5332
stack.watch emails you whenever new vulnerabilities are published in GitLab or HashiCorp Consul. Just hit a watch button to start following.
Affected Versions
GitLab:- Version 9.5.0 and below 16.2.8 is affected.
- Version 16.3.0 and below 16.3.5 is affected.
- Version 16.4 and below 16.4.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.