Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1210", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-03-06T20:10:51.153Z", "datePublished": "2023-08-01T23:36:25.668Z", "dateUpdated": "2025-05-22T04:04:53.538Z"}, "containers": {"cna": {"title": "Generation of Error Message Containing Sensitive Information in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "12.9", "status": "affected", "lessThan": "16.0.8", "versionType": "semver"}, {"version": "16.1.0", "status": "affected", "lessThan": "16.1.3", "versionType": "semver"}, {"version": "16.2.0", "status": "affected", "lessThan": "16.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-209: Generation of Error Message Containing Sensitive Information", "cweId": "CWE-209", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394775", "name": "GitLab Issue #394775", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/1884672", "name": "HackerOne Bug Bounty Report #1884672", "tags": ["technical-description", "exploit", "permissions-required", "broken-link"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."}], "credits": [{"lang": "en", "value": "Thanks [shells3c](https://hackerone.com/shells3c) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-05-22T04:04:53.538Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-25T13:26:38.599217Z", "id": "CVE-2023-1210", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T13:27:17.330Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:40:59.650Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394775", "name": "GitLab Issue #394775", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/1884672", "name": "HackerOne Bug Bounty Report #1884672", "tags": ["technical-description", "exploit", "x_transferred"]}]}]}}