CVE-2023-5512

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 15, 2023
Updated: Dec 19, 2023
CWE ID 94

Summary

CVE-2023-5512 is a cyber vulnerability affecting GitLab CE/EE versions 16.3 to 16.4.4, versions 16.5 to 16.5.4, and versions 16.6 to 16.6.2. The issue relates to file integrity compromise when specific HTML encoding is used for file names, leading to incorrect representation in the user interface (UI). The vulnerability has a base severity of MEDIUM with an exploitability score of 1.2 and an impact score of 3.6 out of 10. It requires low privileges and user interaction but has a high attack complexity and integrity impact. The vulnerability does not pose any risk to confidentiality or availability but can potentially allow code injection due to improper control of code generation (CWE-94). There is no provided remediation information or analysis description for this vulnerability at this time

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5512 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options