← Back to CVEs
CVE-2023-3950
MEDIUM5.5
Description
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published9/1/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
gitlab:gitlab
Weaknesses (CWE)
CWE-312CWE-312
References
https://gitlab.com/gitlab-org/gitlab/-/issues/419675(cve@gitlab.com)
https://hackerone.com/reports/2079154(cve@gitlab.com)
https://gitlab.com/gitlab-org/gitlab/-/issues/419675(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2079154(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.