CVE-2023-6944

Rhdh: catalog-import function leaks credentials to frontend

Severity Score

5.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.

Se encontró una falla en Red Hat Developer Hub (RHDH). La función catalog-import filtra tokens de acceso de GitLab en la interfaz cuando el token de GitLab codificado en base64 incluye una nueva línea al final de la cadena. El error sanitizado puede aparecer en la interfaz, incluido el token de acceso sin formato. Al obtener acceso a este token y dependiendo de los permisos, un atacante podría enviar código malicioso a repositorios, eliminar recursos en Git, revocar o generar nuevas claves y firmar código de forma ilegítima.

*Credits: Red Hat would like to thank Josephine Pfeiffer for reporting this issue.

CVSS Scores

NISTv3.1 5.7

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-12-19 CVE Reserved
2024-01-04 CVE Published
2024-01-11 EPSS Updated
2024-08-20 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-209: Generation of Error Message Containing Sensitive Information

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-6944	2024-02-04
https://bugzilla.redhat.com/show_bug.cgi?id=2255204	2024-02-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Red Hat Developer Hub Search vendor "Redhat" for product "Red Hat Developer Hub"				< 1.21.0 Search vendor "Redhat" for product "Red Hat Developer Hub" and version " < 1.21.0"		-		Affected
Linuxfoundation Search vendor "Linuxfoundation"		Backstage Search vendor "Linuxfoundation" for product "Backstage"				< 1.21.0 Search vendor "Linuxfoundation" for product "Backstage" and version " < 1.21.0"		-		Affected