Unrated severity · NVD Advisory · Published Jan 26, 2024 · Updated Apr 25, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
CVE-2023-5933
Description
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 and before 16.6.6, from 16.7 before 16.7.4, and from 16.8 before 16.8.1. Improper input sanitization of the user name allows arbitrary API PUT requests.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 13.7)
- (no CPE) ranges: >13.7, <16.6.6; >=16.7, <16.7.4; >=16.8, <16.8.1
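As an added triage aid, not part of the NVD record or of GitLab's own code: the three affected ranges listed above, encoded as a version check. It assumes the version string is the one GitLab itself reports (for example on the About page or from `GET /api/v4/version`, whose `version` field looks like `16.8.0-ee`); the sample versions at the bottom are constructed. The lower bound follows the page literally (`>13.7`, so only 13.7.0 falls outside it). The detail worth noticing is that 16.6.6 and 16.7.4 are backported fixes: comparing only against the newest fixed release, 16.8.1, would wrongly flag instances that are already patched.

```python
"""Check whether a GitLab version falls inside the ranges CVE-2023-5933 affects.

Ranges, as stated on this advisory page:
    >13.7, <16.6.6  |  >=16.7, <16.7.4  |  >=16.8, <16.8.1
Version strings are the ones GitLab reports (About page, GET /api/v4/version).
The sample inputs under __main__ are constructed for this example.
"""
from __future__ import annotations

import re

# (lower bound, lower bound inclusive?, first fixed release on that branch)
# The upper bound is exclusive: the fixed release itself is not affected.
AFFECTED_RANGES: tuple[tuple[tuple[int, int, int], bool, tuple[int, int, int]], ...] = (
    ((13, 7, 0), False, (16, 6, 6)),   # ">13.7, <16.6.6"  (13.7.0 itself excluded, per page)
    ((16, 7, 0), True, (16, 7, 4)),    # ">=16.7, <16.7.4"
    ((16, 8, 0), True, (16, 8, 1)),    # ">=16.8, <16.8.1"
)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?")


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR[.PATCH][-suffix]' into a comparable 3-tuple.

    GitLab appends an edition or pre-release suffix ('16.8.0-ee', '16.7.4-pre');
    it does not change which branch the instance is on, so it is ignored here.
    A missing patch component ('16.7') is read as '.0'.
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def fixed_release_for(version: str) -> str | None:
    """Return the lowest patched release covering this version, or None.

    None means the version is outside every affected range: either it already
    carries the fix for its branch (16.6.6, 16.7.4, 16.8.1 or later) or it is
    older than the ranges the advisory names.
    """
    v = parse_version(version)
    for low, low_inclusive, high in AFFECTED_RANGES:
        above_low = v >= low if low_inclusive else v > low
        if above_low and v < high:
            return ".".join(str(part) for part in high)
    return None


def is_affected(version: str) -> bool:
    """True if the version sits inside one of the advisory's affected ranges."""
    return fixed_release_for(version) is not None


def naive_is_affected(version: str) -> bool:
    """The common mistake: compare against the newest fixed release only.

    This misflags the backported fixes 16.6.6 and 16.7.4 as vulnerable and is
    kept here only to contrast with is_affected().
    """
    return parse_version(version) < (16, 8, 1)


if __name__ == "__main__":
    # Constructed sample versions, not readings from real instances.
    for sample in ["16.8.0-ee", "16.7.4", "16.6.6", "16.6.5", "15.11.2", "13.7.0"]:
        fix = fixed_release_for(sample)
        verdict = f"upgrade to {fix}" if fix else "not in an affected range"
        print(f"{sample:12} -> {verdict}  (naive check says affected={naive_is_affected(sample)})")
```

Run it against the version your instance reports; a `None` from `fixed_release_for` on a version at or above its branch's fixed release is the expected "already patched" answer, while anything below 16.6 resolves to 16.6.6 because the page lists no earlier backport.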
References
- hackerone.com/reports/2225710 (mitre; technical-description, exploit, permissions-required)
- gitlab.com/gitlab-org/gitlab/-/issues/430236 (mitre; issue-tracking, permissions-required)
- about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ (mitre)
News mentions
- GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8 (GitLab Security Releases · Jan 25, 2024)