CVE-2023-3102

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-3102
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3102.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-3102
Aliases
Published
2023-07-21T15:30:47.974Z
Modified
2025-12-05T00:44:19.346580Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Insertion of Sensitive Information Into Sent Data in GitLab
Details

A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.

Database specific 
{
    "cwe_ids": [
        "CWE-201"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3102.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
280a09dbca836a6eedf5da1e63953fe8da44bf4c
Fixed
1ca31874e42fbd4b99f6e3c9174a992c053c8e1b
Database specific 
{
    "versions": [
        {
            "introduced": "16.0"
        },
        {
            "fixed": "16.0.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
4961ad113f3afe23965ac12285eaab31315ab0c6
Fixed
d3582d7719f503ba7e038a1b2e0443a89ddb6429
Database specific 
{
    "versions": [
        {
            "introduced": "16.1"
        },
        {
            "fixed": "16.1.1"
        }
    ]
}

Affected versions

v16.*

v16.0.0-ee
v16.0.1-ee
v16.0.2-ee
v16.0.3-ee
v16.0.4-ee
v16.0.5-ee
v16.1.0-ee