An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
Fixes

Solution

Upgrade to version 16.2.5 or 16.3.1


Workaround

No workaround given by the vendor.

History

Thu, 19 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2025-05-22T04:07:48.529Z

Reserved: 2023-07-25T17:30:22.877Z

Link: CVE-2023-3950

cve-icon Vulnrichment

Updated: 2024-08-02T07:08:50.670Z

cve-icon NVD

Status : Modified

Published: 2023-09-01T11:15:42.457

Modified: 2024-11-21T08:18:23.267

Link: CVE-2023-3950

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.