CVE Catalog

CVE-2023-3363

LowCVSS 3.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

An information disclosure issue in Gitlab CE/EE affects all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, and all versions from 16.1 prior to 16.1.1. The issue resulted in the Sidekiq log including webhook tokens when the log format was set to 'default'.

Risk Assessment

The disclosure of webhook tokens may lead to unauthorized access to resources and data within the system, posing a significant security threat to the organization.

Recommendation

It is recommended to update Gitlab to the latest version to mitigate this vulnerability and consider changing the log format to avoid exposing sensitive information.

Original NVD description (English source)

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS