CVE-2023-3363 Vulnerability Details

  /     /     /  

CVE-2023-3363 Metadata Quick Info

CVE Published: 13/07/2023 | CVE Updated: 05/11/2024 | CVE Year: 2023
Source: GitLab | Vendor: GitLab | Product: GitLab
Status : PUBLISHED

---

CVE-2023-3363 Description

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

Metrics

CVSS Version: 3.1 | Base Score: 3.9 LOW
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-532
CWE Name: CWE-532: Insertion of Sensitive Information into Log File
Source: GitLab

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).