CVE-2023-5612
Missing Authorization in GitLab
CVSS 3.1: 5.3 (MEDIUM)
EPSS 25.6%
Description
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read a user's email address via the tags feed even though its visibility had been disabled in the user profile.
How to fix CVE-2023-5612
To remediate CVE-2023-5612, upgrade the affected package to a fixed version below.
- Bitnami/gitlab: upgrade to 16.6.6 or later on the 16.6 line, 16.7.4 or later on the 16.7 line, or 16.8.1 or later on the 16.8 line
Is CVE-2023-5612 being exploited?
Moderate — EPSS is 25.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 0, < 16.6.6
- >= 16.7.0, < 16.7.4
- >= 16.8.0, < 16.8.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |