CVE-2023-5600: Missing Authorization in GitLab

Published Oct 31, 2023
·
Updated

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.

Affected Software

5 affected componentsFixes available
GitLab GitLab EE>=16.0, <16.3.6, >=16.4, <16.4.2, >=16.5, <16.5.1
GitLab GitLab>=16.0.0<16.3.6
GitLab GitLab>=16.4.0<16.4.2
GitLab GitLab=16.5.0
GitLab GitLab EE>=16.0<16.3.6, >=16.4<16.4.2, >=16.5<16.5.1
16.3.616.4.216.5.1

Remediation

Information

Upgrade to versions 16.5.1, 16.4.2, 16.3.6 or above.

Event History

Jun 20, 2025
CVE Published
via MITRE·07:31 PM
Data Sourced
via MITRE·07:31 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·08:15 PM
DescriptionSeverityWeaknessAffected Software
Apr 22, 2026
Data Sourced
via GitLab·08:52 AM
DescriptionSeverityAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-5600?

CVE-2023-5600 has been classified as a medium severity vulnerability.

2

How do I fix CVE-2023-5600?

To address CVE-2023-5600, users should upgrade to GitLab EE version 16.3.6 or later, 16.4.2 or later, or 16.5.1.

3

What types of software are affected by CVE-2023-5600?

CVE-2023-5600 affects GitLab EE versions from 16.0 to 16.3.6, from 16.4 to 16.4.2, and from 16.5 to 16.5.1.

4

What is the potential impact of CVE-2023-5600?

CVE-2023-5600 may allow unauthorized access to private references' titles, leading to information disclosure.

5

How can I determine if my GitLab EE version is vulnerable to CVE-2023-5600?

To check for vulnerability, verify if your GitLab EE version is between 16.0 and 16.5.1, excluding the patched versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203