Lucene search

[email protected]CVE-2023-2620

HistoryJul 13, 2023 - 3:15 a.m.

CVE-2023-2620

2023-07-1303:15:09

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023-2620

gitlab

webhook

url

modification

security

vulnerability

nvd

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

3.6 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.

Affected configurations

NVD

Node

gitlabgitlabRange15.1.0–15.11.10community

gitlabgitlabRange15.1.0–15.11.10enterprise

gitlabgitlabRange16.0.0–16.0.6community

gitlabgitlabRange16.0.0–16.0.6enterprise

gitlabgitlabRange16.1.0–16.1.1community

gitlabgitlabRange16.1.0–16.1.1enterprise

CPENameOperatorVersion
gitlab:gitlabgitlablt15.11.10
gitlab:gitlabgitlablt16.0.6
gitlab:gitlabgitlablt16.1.1

CPE	Name	Operator	Version
gitlab:gitlab	gitlab	lt	15.11.10
gitlab:gitlab	gitlab	lt	16.0.6
gitlab:gitlab	gitlab	lt	16.1.1

CNA Affected

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "versions": [
      {
        "version": "15.1",
        "status": "affected",
        "lessThan": "15.11.10",
        "versionType": "semver"
      },
      {
        "version": "16.0",
        "status": "affected",
        "lessThan": "16.0.6",
        "versionType": "semver"
      },
      {
        "version": "16.1",
        "status": "affected",
        "lessThan": "16.1.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]