CVE-2023-5612

moderate-risk
Published 2024-01-26

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.

Do I need to act?

!
25.6% chance of exploitation in next 30 days
EPSS score — higher than 74% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Gitlab

References (6)

Vendor Advisory https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16...
Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/428441
Permissions Required https://hackerone.com/reports/2208790
Vendor Advisory https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16...
Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/428441
Permissions Required https://hackerone.com/reports/2208790
46
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 15/34 · Moderate
Exposure 10/34 · Low