An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
Metrics
Affected Vendors & Products
References
History
Fri, 18 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:-:*:*:*:-:*:*:* | |
Metrics |
ssvc
|
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Exposure of Sensitive Information to an Unauthorized Actor in GitLab | Missing Authorization in GitLab |
Weaknesses | CWE-862 |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-01-26T02:02:39.783Z
Updated: 2024-10-18T15:14:36.475Z
Reserved: 2023-10-17T11:30:31.181Z
Link: CVE-2023-5612
Vulnrichment
Updated: 2024-08-02T08:07:32.101Z
NVD
Status : Modified
Published: 2024-01-26T02:15:07.357
Modified: 2024-11-21T08:42:07.260
Link: CVE-2023-5612
Redhat
No data.