CVE-2023-5512

MEDIUM

Gitlab < 16.4.4 - Code Injection

Title source: rule

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/427827

[Permissions Required] https://hackerone.com/reports/2194607

Scores

CVSS v3 4.8

EPSS 0.0039

EPSS Percentile 59.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-94

Status published

Affected Products (2)

gitlab/gitlab < 16.4.4

Timeline

Published Dec 15, 2023

Tracked Since Feb 18, 2026