CVE-2023-6944
MEDIUM 5.7
Description
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64-encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
CVE Details
CVSS v3.1 Score: 5.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 1/4/2024
Last Modified: 9/5/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
linuxfoundation:backstage
redhat:red_hat_developer_hub
Weaknesses (CWE)
CWE-209
References
https://access.redhat.com/errata/RHBA-2024:5869 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.