CVE-2023-5600

Source
https://cve.org/CVERecord?id=CVE-2023-5600
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5600.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5600
Aliases
Published
2025-06-20T19:31:08.397Z
Modified
2026-04-10T05:07:09.288217Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Missing Authorization in GitLab
Details

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5600.json",
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Database specific
{
    "versions": [
        {
            "introduced": "16.0"
        },
        {
            "fixed": "16.3.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Database specific
{
    "versions": [
        {
            "introduced": "16.4"
        },
        {
            "fixed": "16.4.2"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Database specific
{
    "versions": [
        {
            "introduced": "16.5"
        },
        {
            "fixed": "16.5.1"
        }
    ]
}

Affected versions

v16.*
v16.4.0-ee
v16.5.0-ee

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5600.json"