CVE-2023-0838 — Sensitive Information Exposure in Gitlab
Severity
3.8LOWNVD
EPSS
0.8%
top 25.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 5
Latest updateJul 13
Description
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5
Affected Packages5 packages
🔴Vulnerability Details
4GHSA▶
GHSA-58hc-8hp4-v536: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15↗2023-07-13
OSV▶
CVE-2023-2620: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15↗2023-07-13
OSV▶
CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15↗2023-04-05
GHSA▶
GHSA-xg8m-4qxg-vm4m: An issue has been discovered in GitLab affecting versions starting from 15↗2023-04-05
📋Vendor Advisories
4GitLab▶
CVE-2023-2620: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all↗2023-07-13
GitLab▶
CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer↗2023-04-05
Debian▶
CVE-2023-2620: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...↗2023
Debian▶
CVE-2023-0838: gitlab - An issue has been discovered in GitLab affecting versions starting from 15.1 bef...↗2023