CVE-2023-5933

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.7 through 16.6.5 GitLab CE/EE versions 16.7 through 16.7.3 GitLab CE/EE versions 16.8 through 16.8.0

Description An issue has been discovered in GitLab CE/EE due to improper input sanitization of the user name, allowing arbitrary API PUT requests. This could potentially allow a remote attacker to execute arbitrary API PUT requests.

Recommendations For GitLab CE/EE versions 13.7 through 16.6.5, update to version 16.6.6 or later. For GitLab CE/EE versions 16.7 through 16.7.3, update to version 16.7.4 or later. For GitLab CE/EE versions 16.8 through 16.8.0, update to version 16.8.1 or later. As a temporary workaround, consider restricting access to API endpoints that accept PUT requests until a patch is available.