An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the Sentry token by changing the configured URL in the Sentry error tracking settings page. This was the result of an incomplete fix for CVE-2022-4365.
History
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Exposure of Sensitive Information to an Unauthorized Actor in GitLab | Insertion of Sensitive Information Into Sent Data in GitLab |
Weaknesses | CWE-201 |
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-09-01T10:30:31.991Z
Updated: 2024-10-09T04:04:22.777Z
Reserved: 2023-08-16T00:01:27.522Z
Link: CVE-2023-4378
Vulnrichment
Updated: 2024-08-02T07:24:04.549Z
NVD
Status: Modified
Published: 2023-09-01T11:15:43.113
Modified: 2024-11-21T08:34:57.950
Link: CVE-2023-4378
Redhat
No data.