CVE-2023-6033 — Vulnetix

CVE-2023-6033 PUBLISHED

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser.

EPSS 1.24% · 79.6th percentile

Risk Scores

EPSS Score

1.24%

79.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	15.10.0, 16.5.0, 16.6.0
Bitnami	gitlab	15.10.0, 16.6.0, 16.5.0

Exploit Intelligence

CIRCL published-proof-of-concept: CVE-2023-6033 (circl-sighting)
CIRCL seen: CVE-2023-6033 (circl-sighting)
GitLab Issue #431201 (circl)
https://hackerone.com/reports/2236039 (osv)

Timeline

Jan 21, 1970 Security Advisory
Nov 30, 2023 CVE Published
Dec 1, 2023 EPSS Score
Dec 21, 2023 PoC Published
Dec 31, 2023 EPSS Score
Jan 29, 2024 EPSS Score
Feb 28, 2024 EPSS Score
Mar 29, 2024 EPSS Score
May 27, 2024 EPSS Score
Jun 26, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Aug 24, 2024 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/431201 url
https://hackerone.com/reports/2236039 url
https://nvd.nist.gov/vuln/detail/CVE-2023-6033 url

Open in Interactive Console →