CVE-2023-1710

Published: Apr 5, 2023Modified: Feb 10, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 15.0.0 to 15.8.5
Gitlab Gitlab	From 15.9.0 to 15.9.4
Gitlab Gitlab	From 15.0.0 to 15.8.5
Gitlab Gitlab	From 15.9.0 to 15.9.4
Gitlab Gitlab	Version 15.10.0
Gitlab Gitlab	Version 15.10.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/388242

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/1829768

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/388242

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/1829768

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.