← Voltar para CVEs
CVE-2023-6944
MEDIUM5.7
Descricao
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
Detalhes CVE
Pontuacao CVSS v3.15.7
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado1/4/2024
Ultima modificacao9/5/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
linuxfoundation:backstageredhat:red_hat_developer_hub
Fraquezas (CWE)
CWE-209CWE-209
Referencias
https://access.redhat.com/errata/RHBA-2024:5869(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-6944(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2255204(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.