← Retour aux CVEs
CVE-2023-6944
MEDIUM5.7
Description
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
Details CVE
Score CVSS v3.15.7
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurREQUIRED
Publie1/4/2024
Derniere modification9/5/2025
Sourcenvd
Observations honeypot0
Produits affectes
linuxfoundation:backstageredhat:red_hat_developer_hub
Faiblesses (CWE)
CWE-209CWE-209
References
https://access.redhat.com/errata/RHBA-2024:5869(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.