Lucene search

GoogleOSV:CVE-2023-2620

HistoryJul 13, 2023 - 3:15 a.m.

CVE-2023-2620

2023-07-1303:15:09

Google

osv.dev

cve-2023-2620

gitlab

security issue

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

42.0%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.

CPENameOperatorVersion
gitlabeq16.0.5-ee
gitlabeq16.0.4-ee
gitlabeq16.0.1-ee
gitlabeq16.0.2-ee
gitlabeq16.0.0-ee
gitlabeq16.0.3-ee

Name	Operator	Version
gitlab	eq	16.0.5-ee
gitlab	eq	16.0.4-ee
gitlab	eq	16.0.1-ee
gitlab	eq	16.0.2-ee
gitlab	eq	16.0.0-ee
gitlab	eq	16.0.3-ee

References

gitlab.com/gitlab-org/gitlab/-/issues/410433

hackerone.com/reports/1976206

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

42.0%

JSON

Related for OSV:CVE-2023-2620