An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-07-13T02:11:05.008Z
Updated: 2024-08-02T06:26:09.822Z
Reserved: 2023-05-10T05:22:00.071Z
Link: CVE-2023-2620
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-13T03:15:09.393
Modified: 2023-07-20T20:32:24.047
Link: CVE-2023-2620
Redhat
No data.