← Back

CVE-2023-2620

nvd nist
Published: Jul 13, 2023Modified: Nov 21, 2024

JSON object

Loading...
3.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.2 / Impact: 2.5
Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 15.1.0 to 15.11.10
Gitlab
From 16.0.0 to 16.0.6
Gitlab
From 16.1.0 to 16.1.1
Gitlab
From 15.1.0 to 15.11.10
Gitlab
From 16.0.0 to 16.0.6
Gitlab
From 16.1.0 to 16.1.1

Related CWEs

CWE-201
Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References (4)

Source: cve@gitlab.com
Broken LinkVendor Advisory
Source: cve@gitlab.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.