CVE-2023-6944
Severity: MEDIUM (5.7)
Description
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
CVE Details
CVSS v3.1 Score: 5.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 1/4/2024
Last Modified: 9/5/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
linuxfoundation:backstage
redhat:red_hat_developer_hub
Weaknesses (CWE)
CWE-209
References
https://access.redhat.com/errata/RHBA-2024:5869 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204 (secalert@redhat.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.