CVE-2023-1210

Published: Aug 2, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.

Affected (3)

Products: Gitlab: Gitlab

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.9 to 16.0.8
Gitlab Gitlab	From 16.1 to 16.1.3
Gitlab Gitlab	From 16.2 to 16.2.2

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (4)

https://gitlab.com/gitlab-org/gitlab/-/issues/394775

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/1884672

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/gitlab/-/issues/394775

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/1884672

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.