CVE-2023-5612: 
GitLab vulnerability analysis and mitigation

A vulnerability (CVE-2023-5612) was discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. The vulnerability allowed unauthorized access to user email addresses through the tags feed, even when email visibility was disabled in the user profile (GitLab Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited over the network with low attack complexity, requires no privileges or user interaction, and results in low confidentiality impact without affecting integrity or availability (NVD).

The vulnerability allows unauthorized users to access email addresses of GitLab users through the tags feed, even when those email addresses are configured to be hidden in user profiles. This represents a privacy breach that could potentially expose users to unwanted communications or be used as part of social engineering attacks (GitLab Advisory).

GitLab has released patches to address this vulnerability. Users are strongly recommended to upgrade to one of the following versions: GitLab 16.6.6, 16.7.4, or 16.8.1. GitLab.com and GitLab Dedicated environments have already been updated with the patched version (GitLab Advisory).