An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Exposure of Sensitive Information to an Unauthorized Actor in GitLab | Insertion of Sensitive Information Into Sent Data in GitLab |
Weaknesses | CWE-201 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-07-13T02:11:05.008Z
Updated: 2024-11-06T14:22:24.167Z
Reserved: 2023-05-10T05:22:00.071Z
Link: CVE-2023-2620
Vulnrichment
Updated: 2024-08-02T06:26:09.822Z
NVD
Status : Modified
Published: 2023-07-13T03:15:09.393
Modified: 2024-11-21T07:58:56.817
Link: CVE-2023-2620
Redhat
No data.