Lucene search

GoogleOSV:CVE-2023-1710

HistoryApr 05, 2023 - 9:15 p.m.

CVE-2023-1710

2023-04-0521:15:07

Google

osv.dev

sensitive information

disclosure

vulnerability

gitlab

versions 15.0-15.10.1

internal notes

attack

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

JSON

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json

gitlab.com/gitlab-org/gitlab/-/issues/388242

hackerone.com/reports/1829768

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

JSON

Related for OSV:CVE-2023-1710