CVE-2023-6944
MEDIUM 5.7
Description
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
CVE details
CVSS v3.1 score: 5.7
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 1/4/2024
Last modified: 9/5/2025
Source: nvd
Honeypot sightings: 0
Affected products
linuxfoundation:backstage
redhat:red_hat_developer_hub
Weaknesses (CWE)
CWE-209
References
https://access.redhat.com/errata/RHBA-2024:5869 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.