Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-1710

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.

Published

2023-04-05T21:15:07.367

Last Modified

2025-02-10T21:15:14.560

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 15.8.5	Yes
Application	gitlab	gitlab	< 15.8.5	Yes
Application	gitlab	gitlab	< 15.9.4	Yes
Application	gitlab	gitlab	< 15.9.4	Yes
Application	gitlab	gitlab	15.10.0	Yes
Application	gitlab	gitlab	15.10.0	Yes

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab/-/issues/388242 Broken Link ([email protected])
https://hackerone.com/reports/1829768 Permissions Required ([email protected])
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/388242 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1829768 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)