Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-5612 — Missing Authorization in Gitlab

CWE-862 — Missing Authorization CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

25.6%

top 3.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gitlab Debian Gitlab

Timeline

PublishedJan 26

Description

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5gitlab/gitlab16.7 — 16.7.4+1

▶NVDgitlab/gitlab16.7.0 — 16.7.4+2

▶debiandebian/gitlab< gitlab 16.6.6-1 (sid)

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-g884-f5hg-pgw8: An issue has been discovered in GitLab affecting all versions before 16↗2024-01-26

▶

OSV

CVE-2023-5612: An issue has been discovered in GitLab affecting all versions before 16↗2024-01-26

▶

💥Exploits & PoCs

Metasploit

GitLab Tags RSS feed email disclosure↗

▶

📋Vendor Advisories

GitLab

CVE-2023-5612: An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read t↗2024-01-26

▶

Debian

CVE-2023-5612: gitlab - An issue has been discovered in GitLab affecting all versions before 16.6.6, 16....↗2023

▶