Skip to content

An issue has been discovered in GitLab CE/EE affecting...

Low severity Unreviewed Published Jul 13, 2023 to the GitHub Advisory Database • Updated Oct 3, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.

References

Published by the National Vulnerability Database Jul 13, 2023
Published to the GitHub Advisory Database Jul 13, 2023
Last updated Oct 3, 2024

Severity

Low

EPSS score

0.048%
(20th percentile)

CVE ID

CVE-2023-2620

GHSA ID

GHSA-58hc-8hp4-v536

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.