CVE-2023-5612

MEDIUM LAB

GitLab < 16.6.6, 16.7 < 16.7.4, 16.8 < 16.8.1 - Unauthorized User Email Exposure via Tags Feed

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-5612. PoCs published by mad3E7cat, TopskiyPavelQwertyGang, n00bhaxor, erruquill, including Metasploit module auxiliary/gather/gitlab_tags_rss_feed_email_disclosure.

AI-analyzed exploit summary The repository provides a detailed writeup and proof-of-concept for CVE-2023-5612, an information disclosure vulnerability in GitLab. It explains how unauthenticated users can retrieve user email addresses via the tags RSS feed, even when email visibility is disabled in user profiles.

Description

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.

Exploits (3)

nomisec WRITEUP
by mad3E7cat · poc
https://github.com/mad3E7cat/CVE-2023-5612

The repository provides a detailed writeup and proof-of-concept for CVE-2023-5612, an information disclosure vulnerability in GitLab. It explains how unauthenticated users can retrieve user email addresses via the tags RSS feed, even when email visibility is disabled in user profiles.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: GitLab versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1
No auth needed
Prerequisites: Access to the GitLab instance's API endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by TopskiyPavelQwertyGang · poc
https://github.com/TopskiyPavelQwertyGang/Review.CVE-2023-5612

This repository provides a detailed writeup and NSE scripts for exploiting CVE-2023-5612, an SSRF vulnerability in GitLab CE/EE. It includes manual PoC steps, NSE scripts for verification and brute-forcing, and mitigation recommendations.

Classification
Writeup 90%
Attack Type
Ssrf
Complexity
Moderate
Reliability
Reliable
Target: GitLab CE/EE < 16.2.7, 16.3 < 16.3.4, 16.4 < 16.4.1
Auth required
Prerequisites: Project Maintainer access · Valid Personal Access Token · GitLab instance with vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by n00bhaxor, erruquill · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/gitlab_tags_rss_feed_email_disclosure.rb

This Metasploit module exploits an information disclosure vulnerability in GitLab (CVE-2023-5612) by querying the tags RSS feed to retrieve user email addresses even when visibility is disabled in the user profile. It supports targeting specific projects or scraping all projects via the API.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: GitLab versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1
No auth needed
Prerequisites: Access to the GitLab instance's RSS feed or API endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Broken Link issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/428441
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2208790

Scores

CVSS v3 5.3
EPSS 0.0439
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull gitlab/gitlab-ce:16.5.10-ce.0

Details

CWE
CWE-862
Status published
Products (2)
gitlab/gitlab 16.8.0 (2 CPE variants)
gitlab/gitlab < 16.6.6 (2 CPE variants)
Published Jan 26, 2024
Tracked Since Feb 18, 2026