CVE-2023-3102

MEDIUM

GitLab EE <16.0.6-16.1.1 - Info Disclosure

Title source: llm

Description

A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/414269

[Permissions Required] https://hackerone.com/reports/2012073

Scores

CVSS v3 5.3

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-201

Status published

Affected Products (2)

gitlab/gitlab < 16.0.6

gitlab/gitlab

Timeline

Published Jul 21, 2023

Tracked Since Feb 18, 2026