Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rhdh: catalog-import function leaks credentials to frontend
Vulnerability Description
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
通过错误消息导致的信息暴露
Vulnerability Title
Backstage 安全漏洞
Vulnerability Description
Backstage是一个应用软件。后台是一个开放的平台,用于构建开发者门户。 Backstage 存在安全漏洞,该漏洞源于当提供带有换行符的令牌时,GitlabDiscoveryEntityProvider 会泄漏日志中的 gitlab 集成令牌。
CVSS Information
N/A
Vulnerability Type
N/A