CVE-2023-5512

medium

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI.

References

https://hackerone.com/reports/2194607

https://gitlab.com/gitlab-org/gitlab/-/issues/427827

Details

Source: Mitre, NVD

Published: 2023-12-15

Updated: 2023-12-19

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N