Lucene search

Veracode Vulnerability DatabaseVERACODE:42443

HistoryAug 06, 2023 - 8:43 p.m.

Information Disclosure

2023-08-0620:43:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

vulnerability

expired password

sensitive information

rss feeds

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

29.6%

JSON

gitlab is vulnerable to Information Disclosure. The vulnerability exists because a user with an expired password can access sensitive information through RSS feeds.

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0093.json

gitlab.com/gitlab-org/gitlab/-/issues/343247

hackerone.com/reports/1348738

security-tracker.debian.org/tracker/CVE-2022-0093

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

29.6%

JSON

Related for VERACODE:42443