An issue has been discovered in GitLab affecting all versions before
16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to
read the user email address via tags feed although the visibility in the
user profile has been disabled.
about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
gitlab.com/gitlab-org/gitlab/-/issues/428441
hackerone.com/reports/2208790
launchpad.net/bugs/cve/CVE-2023-5612
nvd.nist.gov/vuln/detail/CVE-2023-5612
security-tracker.debian.org/tracker/CVE-2023-5612
www.cve.org/CVERecord?id=CVE-2023-5612