How severe is CVE-2023-6944?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2023-6944?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2023-6944 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.

Related Vulnerabilities

CVE-2020-14337

MEDIUM

CVSS:5.8(Medium)

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default org...

CWE-2092020

CVE-2025-0941

MEDIUM

CVSS:5.8(Medium)

MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store credentials in plain text within the system. This data is not available to unauthenticated users.

CWE-2092025

CVE-2025-46746

MEDIUM

CVSS:5.8(Medium)

An administrator could discover another account's credentials.

CWE-2092025

CVE-2019-12864

MEDIUM

CVSS:5.5(Medium)

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathnam...

CWE-2092019

CVE-2021-1546

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access throu...

CWE-2092021

CVE-2021-3620

MEDIUM

CVSS:5.5(Medium)

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thr...

CWE-2092021