CVE-2023-2200 Vulnerability Details

  /     /     /  

CVE-2023-2200 Metadata Quick Info

CVE Published: 13/07/2023 | CVE Updated: 30/10/2024 | CVE Year: 2023
Source: GitLab | Vendor: GitLab | Product: GitLab
Status : PUBLISHED

---

CVE-2023-2200 Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.

Metrics

CVSS Version: 3.1 | Base Score: 4.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-116
CWE Name: CWE-116: Improper Encoding or Escaping of Output
Source: GitLab

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).