CVE-2023-5600: 
GitLab vulnerability analysis and mitigation

An issue has been discovered in GitLab EE affecting multiple versions: all versions from 16.0 before 16.3.6, versions from 16.4 before 16.4.2, and versions from 16.5 before 16.5.1. The vulnerability allows arbitrary access to the titles of private specific references through the service-desk custom email template (GitLab Security Release, NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 3.1 (LOW) with the following vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access, has high attack complexity, requires low privileges, needs no user interaction, has unchanged scope, and only impacts confidentiality at a low level with no impact on integrity or availability. The vulnerability is categorized under CWE-862 (Missing Authorization) (GitLab Security Release).

The vulnerability allows unauthorized access to view titles of private specific references through the service-desk custom email template. The impact is limited to confidentiality breaches at a low level, with no effect on system integrity or availability (GitLab Security Release).

GitLab has addressed this vulnerability in versions 16.5.1, 16.4.2, and 16.3.6. Users are strongly recommended to upgrade to these patched versions to mitigate the vulnerability (GitLab Security Release).