CVE-2023-3363
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
An information disclosure issue in Gitlab CE/EE affects all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, and all versions from 16.1 prior to 16.1.1. The issue resulted in the Sidekiq log including webhook tokens when the log format was set to 'default'.
Risk Assessment
The disclosure of webhook tokens may lead to unauthorized access to resources and data within the system, posing a significant security threat to the organization.
Recommendation
It is recommended to update Gitlab to the latest version to mitigate this vulnerability and consider changing the log format to avoid exposing sensitive information.
Original NVD description (English source)
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

