{"vulnerability": "CVE-2023-5933", "sightings": [{"uuid": "7cb69db2-af7a-458b-8726-4bae0aa390ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-5933", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17246", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-5933\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.\n\ud83d\udccf Published: 2024-01-26T01:02:58.931Z\n\ud83d\udccf Modified: 2025-05-22T04:09:49.342Z\n\ud83d\udd17 References:\n1. https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/\n2. https://gitlab.com/gitlab-org/gitlab/-/issues/430236\n3. https://hackerone.com/reports/2225710", "creation_timestamp": "2025-05-22T04:44:13.000000Z"}, {"uuid": "0d4f9276-11a9-4f32-a7fa-be85d59145c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-5933", "type": "seen", "source": "https://t.me/ctinow/187374", "content": "https://ift.tt/GA0vqHw\nCVE-2023-5933 | GitLab Community Edition/Enterprise Edition up to 16.6.5/16.7.3/16.8.0 API PUT Request cross site scripting (Issue 430236)", "creation_timestamp": "2024-02-18T21:21:19.000000Z"}, {"uuid": "8760026e-3740-4894-8c38-e63aaedce040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-5933", "type": "seen", "source": "https://t.me/ctinow/173952", "content": "https://ift.tt/NsSwvVJ\nCVE-2023-5933", "creation_timestamp": "2024-01-26T02:26:34.000000Z"}]}