Main Vulnerability Database Exploits ID:9598 - Exploit for Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2023-5612

ID:9598 - Exploit for Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2023-5612

Published: March 6, 2024

Vulnerability identifier: #VU85819

Vulnerability risk: Medium

CVE-ID: CVE-2023-5612

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/gather/gitlab_tags_rss_feed_email_disclosure

Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can read the user email address via tags feed although the visibility in the user profile has been disabled.

Remediation

Install updates from vendor's website.

ID:9598 - Exploit for Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2023-5612

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human