CVE-2023-5612
Publication date 26 January 2024
Last updated 26 August 2025
Ubuntu priority
Description
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gitlab | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
5.3 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
Other references
- https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
- https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
- https://gitlab.com/gitlab-org/gitlab/-/issues/428441
- https://hackerone.com/reports/2208790
- https://www.cve.org/CVERecord?id=CVE-2023-5612