A patch in the third-party library Consul requires 'enable-script-checks' to be set to False. This setting was required to enable a patch by the vendor; without it, the patch could be bypassed. This only affects GitLab-EE.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 | Exploit Issue Tracking |
https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-04T06:30:33.856Z
Updated: 2023-12-04T06:30:33.856Z
Reserved: 2023-10-02T12:01:25.316Z
Link: CVE-2023-5332
NVD Information
Status: Analyzed
Published: 2023-12-04T07:15:07.120
Modified: 2023-12-07T17:43:42.847
Link: CVE-2023-5332
Redhat Information
No data.
CWE