CVE-2023-3363
Insertion of Sensitive Information into Log File in GitLab
3.8
LOW
CVSS 3.1
EPSS 0.02%
Description
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.
How to fix CVE-2023-3363
To remediate CVE-2023-3363, upgrade the affected package to a fixed version below.
- —upgrade to 15.11.10 or later
Is CVE-2023-3363 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 13.6.0, < 15.11.10, >= 16.0.0, < 16.0.6, >= 16.1.0, < 16.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |