Lucene search

Veracode Vulnerability DatabaseVERACODE:44826

HistoryDec 26, 2023 - 12:36 a.m.

Information Exposure

2023-12-2600:36:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

information exposure

vulnerability

source code

project

attacker access token

victim account

repository

malicious command

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.8%

JSON

gitlab:sid is vulnerable to Information Exposure. The vulnerability due to read the source code of a project by using attacker_access_token and login to Victim account sets the Repository. It allows an attacker execute the malicious command with attacker account.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/gitlab/-/issues/416284

hackerone.com/reports/2027967

security-tracker.debian.org/tracker/CVE-2023-3413

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.8%

JSON

Related for VERACODE:44826