CVE-2023-5831
LOWGitLab CE/EE <16.3.6, <16.4.2, <16.5.1 - Info Disclosure
Title source: llmDescription
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.
References (1)
Core 1
Core References
Broken Link issue-tracking
permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/428919
Scores
CVSS v3
3.7
EPSS
0.0006
EPSS Percentile
19.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-201
Status
published
Products (5)
gitlab/gitlab
16.5.0 (2 CPE variants)
GitLab/GitLab
16.0 - 16.3.6
gitlab/gitlab
16.0.0 - 16.3.6 (2 CPE variants)
GitLab/GitLab
16.4 - 16.4.2
GitLab/GitLab
16.5 - 16.5.1
Published
Nov 06, 2023
Tracked Since
Feb 18, 2026