CVE-2023-3363

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

CVSS v3 3.8 LOW

3.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/409034	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

20 Jul 2023, 20:51

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
CWE		CWE-532
First Time		Gitlab gitlab Gitlab
References	~~(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/409034 -~~	(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/409034 - Broken Link
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.8

13 Jul 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-13 03:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-3363

Mitre link : CVE-2023-3363

CVE.ORG link : CVE-2023-3363

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2023-3363", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.0}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 0.8}]}, "published": "2023-07-13T03:15:10.280", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409034", "tags": ["Broken Link"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`."}], "lastModified": "2023-07-20T20:51:55.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "577B87FF-E7E0-4E87-A5CC-7D0605BAE647", "versionEndExcluding": "15.11.10", "versionStartIncluding": "13.6"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5A342CED-40DE-4E6A-B8A1-F64D21987F04", "versionEndExcluding": "15.11.10", "versionStartIncluding": "13.6"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "691225A9-E175-41A1-A413-0FE619DF9ACF", "versionEndExcluding": "16.0.6", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8D33EB2F-DB0F-40DA-9C1C-4A33856EABDD", "versionEndExcluding": "16.0.6", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "8C47692F-480C-4804-BA0D-E9AF1DB74B28", "versionEndExcluding": "16.1.1", "versionStartIncluding": "16.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "36D2F9C4-8B76-49F4-B9EE-DC2FBAA9EE2C", "versionEndExcluding": "16.1.1", "versionStartIncluding": "16.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}