CVE-2023-2200 — Vulnetix

CVE-2023-2200 PUBLISHED

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.

EPSS 1.00% · 77.4th percentile

Risk Scores

EPSS Score

1.00%

77.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	7.14.0, 16.0.0, 16.1.0
Bitnami	gitlab	7.14.0, 16.0.0, 16.1.0

Exploit Intelligence

GitLab Issue #408281 (circl)
https://hackerone.com/reports/1935628 (osv)

Timeline

Jun 29, 2023 CVE Published
Jul 14, 2023 EPSS Score
Mar 18, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Apr 1, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 7, 2025 EPSS Score
Apr 8, 2025 EPSS Score
Apr 13, 2025 EPSS Score
May 1, 2025 EPSS Score
May 5, 2025 EPSS Score
Jun 1, 2025 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/408281 url
https://hackerone.com/reports/1935628 url
https://nvd.nist.gov/vuln/detail/CVE-2023-2200 url

Open in Interactive Console →