cve-2023-3363
Vulnerability from cvelistv5
Published
2023-07-13 02:08
Modified
2024-08-02 06:55
Severity
Summary
Insertion of Sensitive Information into Log File in GitLab
References
Source | URL | Tags |
---|---|---|
cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab/-/issues/409034 | Broken Link |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:02.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GitLab Issue #409034", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409034" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [ { "lessThan": "15.11.10", "status": "affected", "version": "13.6", "versionType": "semver" }, { "lessThan": "16.0.6", "status": "affected", "version": "16.0", "versionType": "semver" }, { "lessThan": "16.1.1", "status": "affected", "version": "16.1", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "This vulnerability was reported by Martin Vaisset from MyMoneyBank" } ], "descriptions": [ { "lang": "en", "value": "An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-13T02:08:35.069Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "name": "GitLab Issue #409034", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409034" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 15.11.10, 16.0.6, 16.1.1 or above." } ], "title": "Insertion of Sensitive Information into Log File in GitLab" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-3363", "datePublished": "2023-07-13T02:08:35.069Z", "dateReserved": "2023-06-22T01:14:48.593Z", "dateUpdated": "2024-08-02T06:55:02.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-3363\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2023-07-13T03:15:10.280\",\"lastModified\":\"2023-07-20T20:51:55.723\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":2.0,\"impactScore\":1.4},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.9,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"13.6\",\"versionEndExcluding\":\"15.11.10\",\"matchCriteriaId\":\"577B87FF-E7E0-4E87-A5CC-7D0605BAE647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"13.6\",\"versionEndExcluding\":\"15.11.10\",\"matchCriteriaId\":\"5A342CED-40DE-4E6A-B8A1-F64D21987F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.0.6\",\"matchCriteriaId\":\"691225A9-E175-41A1-A413-0FE619DF9ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.0.6\",\"matchCriteriaId\":\"8D33EB2F-DB0F-40DA-9C1C-4A33856EABDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.1\",\"versionEndExcluding\":\"16.1.1\",\"matchCriteriaId\":\"8C47692F-480C-4804-BA0D-E9AF1DB74B28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.1\",\"versionEndExcluding\":\"16.1.1\",\"matchCriteriaId\":\"36D2F9C4-8B76-49F4-B9EE-DC2FBAA9EE2C\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/409034\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Broken Link\"]}]}}" } }
Loading...