{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-3993","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2023-07-28T09:01:21.622Z","datePublished":"2023-08-02T00:07:00.242Z","dateUpdated":"2024-10-03T06:23:13.637Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","vendor":"GitLab","versions":[{"lessThan":"16.0.8","status":"affected","version":"14.3","versionType":"semver"},{"lessThan":"16.1.3","status":"affected","version":"16.1","versionType":"semver"},{"lessThan":"16.2.2","status":"affected","version":"16.2","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"This vulnerability was discovered internally by GitLab team member [@mjozenazemian](https://gitlab.com/mjozenazemian)."}],"descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-532","description":"CWE-532: Insertion of Sensitive Information into Log File","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2024-10-03T06:23:13.637Z"},"references":[{"name":"GitLab Issue #409570","tags":["issue-tracking","permissions-required"],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/409570"}],"solutions":[{"lang":"en","value":"Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."}],"title":"Insertion of Sensitive Information into Log File in GitLab"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:08:50.764Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/409570","name":"GitLab Issue #409570","tags":["issue-tracking","permissions-required","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-30T15:41:18.693629Z","id":"CVE-2023-3993","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-30T15:41:31.006Z"}}]}}