GitLabCVELIST:CVE-2023-5612CVE-2023-5612 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.5 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.6%
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
CNA Affected
[
{
"vendor": "GitLab",
"product": "GitLab",
"repo": "git://[email protected]:gitlab-org/gitlab.git",
"versions": [
{
"version": "0",
"status": "affected",
"lessThan": "16.6.6",
"versionType": "semver"
},
{
"version": "16.7",
"status": "affected",
"lessThan": "16.7.4",
"versionType": "semver"
},
{
"version": "16.8",
"status": "affected",
"lessThan": "16.8.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.5 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.6%