CVE-2023-3950

2023-09-0111:15:42

CWE-312

GitLab

web.nvd.nist.gov

451

cve-2023-3950

gitlab

information disclosure

vulnerability

security

nvd

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

3.5

Confidence

High

EPSS

0.001

Percentile

21.6%

JSON

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

gitlabgitlabRange16.2–16.2.5community

gitlabgitlabRange16.2–16.2.5enterprise

gitlabgitlabMatch16.3.0community

gitlabgitlabMatch16.3.0enterprise

VendorProductVersionCPE
gitlabgitlab16.3.0cpe:/a:gitlab:gitlab:16.3.0::community:
gitlabgitlab16.3.0cpe:/a:gitlab:gitlab:16.3.0::enterprise:

Vendor	Product	Version	CPE
gitlab	gitlab	16.3.0	cpe:/a:gitlab:gitlab:16.3.0::community:
gitlab	gitlab	16.3.0	cpe:/a:gitlab:gitlab:16.3.0::enterprise:

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "16.2.5",
        "status": "affected",
        "version": "16.2",
        "versionType": "semver"
      },
      {
        "lessThan": "16.3.1",
        "status": "affected",
        "version": "16.3",
        "versionType": "semver"
      }
    ]
  }
]