CVE-2023-3950

2023-09-0111:15:42

CWE-312

[email protected]

web.nvd.nist.gov

gitlab

information disclosure

version 16.2

google cloud logging

CVSS3

3.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

21.6%

JSON

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.