Impact
The vulnerability arises because GitLab's email template engine fails to neutralize substitution characters when it processes Service Desk email replies. The flaw is classified as CWE-153 (Improper Neutralization of Substitution Characters): text from an untrusted reply reaches the template engine in a position where its substitution tokens are expanded rather than treated as literal text. This allows an unauthenticated attacker to craft an email that impersonates the GitLab Support Bot and to inject arbitrary content into repository or issue metadata.
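The weakness class is easier to see on a toy renderer than in prose. The following Ruby is an added illustration of CWE-153 built on `Kernel#format`; it is not GitLab's template engine or Service Desk code, and the constant, function names and the attacker reply text are constructed for the example. It shows the vulnerable pattern (untrusted text spliced into the format string), the hardened pattern (untrusted text passed as a format argument) and the fallback of neutralizing the substitution character itself.

```ruby
# Added illustration of CWE-153 (improper neutralization of substitution
# characters) with Ruby's Kernel#format. Generic toy, NOT GitLab's template
# engine; names and sample data are assumptions for the example.

SUPPORT_BOT_SIGNATURE = "GitLab Support Bot"

# Constructed attacker reply: the body smuggles a %{...} substitution token
# that the renderer will expand if it treats the body as part of a template.
ATTACKER_REPLY = "Your account was locked; reset it at the link above.\n-- %{signature}"

# Vulnerable: untrusted text is spliced into the format string itself, so
# every %{...} inside it is expanded. The attacker's line now carries the
# real bot signature, at a position the attacker chose.
def render_vulnerable(reply_body)
  template = "#{reply_body}\n\n-- %{signature}"
  format(template, signature: SUPPORT_BOT_SIGNATURE)
end

# Hardened: untrusted text travels as a format *argument*. Substitution runs
# once over a fixed template, so tokens inside the body stay literal.
def render_hardened(reply_body)
  format("%{body}\n\n-- %{signature}", body: reply_body, signature: SUPPORT_BOT_SIGNATURE)
end

# When the untrusted text really must become part of the format string,
# neutralize the substitution character itself ("%" -> "%%").
def neutralize(text)
  text.gsub("%", "%%")
end

def render_neutralized(reply_body)
  format("#{neutralize(reply_body)}\n\n-- %{signature}", signature: SUPPORT_BOT_SIGNATURE)
end

# Output check: the bot signature must occur exactly once, in the trailer we
# append, never inside the attacker-controlled body.
def impersonation?(rendered)
  rendered.scan(SUPPORT_BOT_SIGNATURE).length != 1
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable:\n#{render_vulnerable(ATTACKER_REPLY)}\n\n"
  puts "hardened:\n#{render_hardened(ATTACKER_REPLY)}"
end
```

Two properties of the vulnerable path are worth noting when hunting for this pattern: a reply whose body is only `%{...}` tokens produces a message that looks entirely bot-authored, and a perfectly benign reply containing a bare `%` (for example "50% of users") makes `format` raise, so the same code path is both spoofable and fragile. The hardened form has neither problem.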
Affected Systems
GitLab Community Edition (CE) and Enterprise Edition (EE) are both affected. Vulnerable versions are 15.9 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1 (bounds inclusive). The vendor recommends upgrading to 18.10.8, 18.11.5, 19.0.2 or later; each fix is a patch release on the same minor branch, so an in-branch upgrade is sufficient.
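A version check, added here and not part of the advisory or of GitLab's own tooling, that encodes the three ranges above (lower bound inclusive, first fixed release exclusive) and reports the minimum fixed release for a given version string. Stripping a leading `v` and a `-ee`/`-ce` style suffix is an assumption about how the version may be reported.

```ruby
# Added helper: is a given GitLab version inside the advisory's affected
# ranges, and which release fixes it? Ranges copied from the text above;
# the parsing is a plain dotted-triple comparison, not GitLab's own code.

# [affected_from (inclusive), first_fixed (exclusive)] per branch.
AFFECTED_RANGES = [
  [[15, 9, 0],  [18, 10, 8]],
  [[18, 11, 0], [18, 11, 5]],
  [[19, 0, 0],  [19, 0, 2]],
].freeze

# "18.10.7-ee" -> [18, 10, 7]; "18.11" -> [18, 11, 0]. Raises on junk.
def parse_version(str)
  cleaned = str.to_s.strip.sub(/\Av/, "").sub(/-.*\z/, "")
  parts = cleaned.split(".").map { |p| Integer(p, 10) }
  unless (2..3).cover?(parts.size)
    raise ArgumentError, "expected major.minor[.patch], got #{str.inspect}"
  end
  parts.fill(0, parts.size...3)
end

# Arrays compare lexicographically with <=>, which is exactly semver order
# for numeric triples.
def matching_range(version)
  v = parse_version(version)
  AFFECTED_RANGES.find { |from, fixed| (v <=> from) >= 0 && (v <=> fixed) < 0 }
end

def affected?(version)
  !matching_range(version).nil?
end

# Minimum fixed release on the same branch, or nil when not affected.
def fix_for(version)
  range = matching_range(version)
  range && range[1].join(".")
end

if __FILE__ == $PROGRAM_NAME
  ARGV.each do |v|
    fix = fix_for(v)
    puts fix ? "#{v}: AFFECTED, upgrade to #{fix}" : "#{v}: not in an affected range"
  end
end
```

Versions outside every range (15.8.x, 18.10.8 and later on the 18.10 branch, 19.1 and later) return nil from `fix_for`, which should be read as "not listed in this advisory", not as a statement about other issues.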
Risk and Exploitability
The CVSS score of 2.6 places the issue in the low severity band, and an EPSS score below 1% signals a very low probability of exploitation in the wild; the vulnerability is not listed in CISA's KEV catalog. The attack vector is the Service Desk feature itself: an unauthenticated sender emails a project's support address with a reply whose body carries substitution tokens, and the template engine expands those tokens when it renders the reply instead of keeping them literal. Successful exploitation lets the attacker inject arbitrary content through that reply, which can deface support communications or misrepresent them as coming from the Support Bot. That content-integrity impact, rather than any access to code or data, is what the low score reflects.
OpenCVE Enrichment