An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read a user's email address via the tags feed even though its visibility in the user profile had been disabled.
References
| Link | Resource |
|---|---|
| https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ | Vendor Advisory |
| https://gitlab.com/gitlab-org/gitlab/-/issues/428441 | Broken Link |
| https://hackerone.com/reports/2208790 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2024-01-26T02:02:39.783Z
Updated: 2024-01-26T02:02:39.783Z
Reserved: 2023-10-17T11:30:31.181Z
Link: CVE-2023-5612
NVD Information
Status: Analyzed
Published: 2024-01-26T02:15:07.357
Modified: 2024-01-31T20:07:49.607
Link: CVE-2023-5612
Redhat Information
No data.