CVE-2023-3993

Published: Aug 2, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 14.3 to 16.0.8
Gitlab Gitlab	From 16.1 to 16.1.3
Gitlab Gitlab	From 16.2 to 16.2.2
Gitlab Gitlab	From 14.3 to 16.0.8
Gitlab Gitlab	From 16.1 to 16.1.3
Gitlab Gitlab	From 16.2 to 16.2.2

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/409570

Source: cve@gitlab.com

Broken Link

https://gitlab.com/gitlab-org/gitlab/-/issues/409570

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.