CVE-2023-1710
Published 2023-04-05
Priority: P4 · 25 · medium · 5.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.79% (51.6th percentile)
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.0.0 < 15.8.5 | 15.8.5 |
| gitlab | gitlab | >= 15.9.0 < 15.9.4 | 15.9.4 |
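CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |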
GitLab
vendor_gitlab·2023-04-05·CVSS 5.3
CVE-2023-1710 [MEDIUM] CWE-200
Debian
vendor_debian·2023·CVSS 5.3
CVE-2023-1710 [MEDIUM] · package: gitlab
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
GHSA
ghsa_unreviewed·2023-04-05
CVE-2023-1710 [MEDIUM] CWE-200 GHSA-qwxw-v6wx-qh2q
OSV
osv·2023-04-05·CVSS 5.3
CVE-2023-1710 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json
https://gitlab.com/gitlab-org/gitlab/-/issues/388242
https://hackerone.com/reports/1829768
2023-04-05
Published