A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-6944 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2255204 | Issue Tracking Vendor Advisory |
Configurations
History
10 Jan 2024, 17:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat
Redhat red Hat Developer Hub Linuxfoundation Linuxfoundation backstage |
|
CWE | CWE-209 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
CPE | cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:red_hat_developer_hub:*:*:*:*:*:*:*:* |
|
References | () https://access.redhat.com/security/cve/CVE-2023-6944 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2255204 - Issue Tracking, Vendor Advisory |
04 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-04 10:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-6944
Mitre link : CVE-2023-6944
CVE.ORG link : CVE-2023-6944
JSON object : View
Products Affected
redhat
- red_hat_developer_hub
linuxfoundation
- backstage
CWE
CWE-209
Generation of Error Message Containing Sensitive Information