3.1

CVE-2023-5600

Exploit

Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditionenterprise Version >= 16.0.0 < 16.3.6
GitlabGitLab SwEditionenterprise Version >= 16.4.0 < 16.4.2
GitlabGitLab Version16.5.0 SwEditionenterprise
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.127
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@gitlab.com 3.1 1.6 1.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://gitlab.com/gitlab-org/gitlab/-/issues/428268
Exploit
Issue Tracking
https://hackerone.com/reports/2209702
Permissions Required