CVE-2023-5600 LOW

CVE-2023-5600: Missing Authorization in GitLab

Vendor Gitlab
Product GitLab
Weakness CWE-862 · Missing authorization
Published June 20, 2025
Last update June 20, 2025

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.

Key dates

02Disclosure timeline

June 20, 2025 CVE published
June 20, 2025 Record updated

Related vulnerabilities

04Related CVE