How severe is CVE-2023-39348?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-39348?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2023-39348 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.

Related Vulnerabilities

CVE-2015-1343

MEDIUM

CVSS:5.3(Medium)

All versions of unity-scope-gdrive logs search terms to syslog.

CWE-5322015

CVE-2017-1198

MEDIUM

CVSS:5.3(Medium)

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs vi...

CWE-5322017

CVE-2017-17675

MEDIUM

CVSS:5.3(Medium)

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names a...

CWE-5322017

CVE-2018-10889

MEDIUM

CVSS:5.3(Medium)

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

CWE-5322018

CVE-2018-1349

MEDIUM

CVSS:5.3(Medium)

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.

CWE-5322018

CVE-2018-1350

MEDIUM

CVSS:5.3(Medium)

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.

CWE-5322018