CVE-2023-1936

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jul 11, 2023

Updated: Jul 19, 2023

CWE ID 284

Summary

CVE-2023-1936 is a vulnerability affecting GitLab CE/EE versions 13.7 before 15.11.10, 16.0 before 16.0.6, and 16.1 before 16.1.1. This issue enables unauthorized users to leak the email address of a user who created a service desk issue within the GitLab environment. The vulnerability poses a risk to data privacy and should be addressed by updating to the patched versions as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r0b_zO
https://www.cve.org/CVERecord?id=CVE-2023-1936
https://nvd.nist.gov/vuln/detail/CVE-2023-1936

Back to Vulnerability Database