CVE-2023-3950

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:18

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/419675 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/419675 - Broken Link
References () https://hackerone.com/reports/2079154 - Permissions Required () https://hackerone.com/reports/2079154 - Permissions Required
CVSS v2 : unknown
v3 : 3.8
v2 : unknown
v3 : 5.5

01 Sep 2023, 21:14

Type Values Removed Values Added
References (MISC) https://hackerone.com/reports/2079154 - (MISC) https://hackerone.com/reports/2079154 - Permissions Required
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/419675 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/419675 - Broken Link
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.8
First Time Gitlab gitlab
Gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*
CWE CWE-312

01 Sep 2023, 11:47

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-01 11:15

Updated : 2024-11-21 08:18


NVD link : CVE-2023-3950

Mitre link : CVE-2023-3950

CVE.ORG link : CVE-2023-3950


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-312

Cleartext Storage of Sensitive Information