OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/410433
https://hackerone.com/reports/1976206

History

Wed, 06 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 03 Oct 2024 07:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 03 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Exposure of Sensitive Information to an Unauthorized Actor in GitLab	Insertion of Sensitive Information Into Sent Data in GitLab
Weaknesses		CWE-201

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-07-13T02:11:05.008Z

Updated: 2024-11-06T14:22:24.167Z

Reserved: 2023-05-10T05:22:00.071Z

Link: CVE-2023-2620

Vulnrichment

Updated: 2024-08-02T06:26:09.822Z

NVD

Status : Modified

Published: 2023-07-13T03:15:09.393

Modified: 2024-10-03T07:15:08.623

Link: CVE-2023-2620

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2620", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-05-10T05:22:00.071Z", "datePublished": "2023-07-13T02:11:05.008Z", "dateUpdated": "2024-11-06T14:22:24.167Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "15.11.10", "status": "affected", "version": "15.1", "versionType": "semver"}, {"lessThan": "16.0.6", "status": "affected", "version": "16.0", "versionType": "semver"}, {"lessThan": "16.1.1", "status": "affected", "version": "16.1", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:10.816Z"}, "references": [{"name": "GitLab Issue #410433", "tags": ["issue-tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/410433"}, {"name": "HackerOne Bug Bounty Report #1976206", "tags": ["technical-description", "exploit"], "url": "https://hackerone.com/reports/1976206"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 15.11.10, 16.0.6, 16.1.1 or above."}], "title": "Insertion of Sensitive Information Into Sent Data in GitLab"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:09.822Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/410433", "name": "GitLab Issue #410433", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/1976206", "name": "HackerOne Bug Bounty Report #1976206", "tags": ["technical-description", "exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-06T14:22:12.165370Z", "id": "CVE-2023-2620", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T14:22:24.167Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/410433", "name": "GitLab Issue #410433", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/1976206", "name": "HackerOne Bug Bounty Report #1976206", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:09.822Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2620", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-06T14:22:12.165370Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T14:22:20.035Z"}}], "cna": {"title": "Insertion of Sensitive Information Into Sent Data in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "15.1", "lessThan": "15.11.10", "versionType": "semver"}, {"status": "affected", "version": "16.0", "lessThan": "16.0.6", "versionType": "semver"}, {"status": "affected", "version": "16.1", "lessThan": "16.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 15.11.10, 16.0.6, 16.1.1 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/410433", "name": "GitLab Issue #410433", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/1976206", "name": "HackerOne Bug Bounty Report #1976206", "tags": ["technical-description", "exploit"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:10.816Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2620", "state": "PUBLISHED", "dateUpdated": "2024-11-06T14:22:24.167Z", "dateReserved": "2023-05-10T05:22:00.071Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-07-13T02:11:05.008Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "360C9FA7-D45C-45BC-B580-B045004AD490", "versionEndExcluding": "15.11.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E7E52754-B59F-4605-817A-E6D8CB1F1C28", "versionEndExcluding": "15.11.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "691225A9-E175-41A1-A413-0FE619DF9ACF", "versionEndExcluding": "16.0.6", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8D33EB2F-DB0F-40DA-9C1C-4A33856EABDD", "versionEndExcluding": "16.0.6", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "EDBA8049-0CB9-4B64-B803-52210D57624F", "versionEndExcluding": "16.1.1", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8365BE79-8EB8-4739-993B-851506085865", "versionEndExcluding": "16.1.1", "versionStartIncluding": "16.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838."}], "id": "CVE-2023-2620", "lastModified": "2024-10-03T07:15:08.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-07-13T03:15:09.393", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/410433"}, {"source": "cve@gitlab.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/1976206"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-201"}], "source": "cve@gitlab.com", "type": "Secondary"}]}