CVE-2023-4378

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 1, 2023
Updated: Sep 7, 2023
CWE ID 122
CWE ID 190

Summary

CVE-2023-4378 is a newly disclosed vulnerability in GitLab CE/EE affecting versions 11.8 to 16.3. A malicious user with Maintainer privileges can exploit this issue and leak the Sentry token by manipulating the URL configuration in the Sentry error tracking settings page. This vulnerability stems from an incomplete fix for CVE-2022-4365. GitLab urges users to upgrade to the fixed versions as soon as possible to mitigate this risk.

Affected Products

  • X.org Libx11
  • Libx11
  • Red Hat Enterprise Linux
  • Fedora Operating System

Affected Vendors

  • Red Hat
  • Fedora Project
  • X.Org Foundation
  • X.Org