CVE-2023-5332
MEDIUMGitLab 9.5.0-16.2.7 - Remote Code Execution via Consul Script Check Bypass
Title source: llmDescription
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
References (2)
Core 2
Core References
Patch, Vendor Advisory
https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations
Exploit, Issue Tracking issue-tracking
https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171
Scores
CVSS v3
5.9
EPSS
0.0002
EPSS Percentile
6.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (4)
gitlab/gitlab
16.4.0
gitlab/gitlab
9.5.0 - 16.2.8
hashicorp/consul
1.1.0
hashicorp/consul
< 0.9.4
Published
Dec 04, 2023
Tracked Since
Feb 18, 2026