Vulnerability Details CVE-2023-0523
An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.187
EPSS Ranking 95.0%
CVSS Severity
CVSS v3 Score 5.4
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/389487
- https://hackerone.com/reports/1842867
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/389487
- https://hackerone.com/reports/1842867
Products affected by CVE-2023-0523
-
cpe:2.3:a:gitlab:gitlab:15.10.0
-
cpe:2.3:a:gitlab:gitlab:15.6.0
-
cpe:2.3:a:gitlab:gitlab:15.6.1
-
cpe:2.3:a:gitlab:gitlab:15.6.2
-
cpe:2.3:a:gitlab:gitlab:15.6.3
-
cpe:2.3:a:gitlab:gitlab:15.6.4
-
cpe:2.3:a:gitlab:gitlab:15.7.0
-
cpe:2.3:a:gitlab:gitlab:15.7.1
-
cpe:2.3:a:gitlab:gitlab:15.7.2
-
cpe:2.3:a:gitlab:gitlab:15.7.7
-
cpe:2.3:a:gitlab:gitlab:15.7.8
-
cpe:2.3:a:gitlab:gitlab:15.8.0
-
cpe:2.3:a:gitlab:gitlab:15.8.1
-
cpe:2.3:a:gitlab:gitlab:15.8.2
-
cpe:2.3:a:gitlab:gitlab:15.8.3
-
cpe:2.3:a:gitlab:gitlab:15.8.4
-
cpe:2.3:a:gitlab:gitlab:15.8.5
-
cpe:2.3:a:gitlab:gitlab:15.9.0
-
cpe:2.3:a:gitlab:gitlab:15.9.1
-
cpe:2.3:a:gitlab:gitlab:15.9.2