CVE-2023-5332

MEDIUM

Consul - Info Disclosure

Title source: llm

Description

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

References (2)

[Exploit, Issue Tracking] https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171

[Patch, Vendor Advisory] https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations

Scores

CVSS v3 5.9

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Classification

Status published

Affected Products (4)

gitlab/gitlab < 16.2.8

gitlab/gitlab

hashicorp/consul < 0.9.4

hashicorp/consul

Timeline

Published Dec 04, 2023

Tracked Since Feb 18, 2026