Common Weakness Enumeration

CWE-535

Allowed

Exposure of Information Through Shell Error Message

Abstraction: Variant · Status: Incomplete

A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.

2 vulnerabilities reference this CWE, most recent first.

GHSA-34FG-2J3P-288G

Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2023-04-12 21:30
VLAI
Details

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-535"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.",
  "id": "GHSA-34fg-2j3p-288g",
  "modified": "2023-04-12T21:30:20Z",
  "published": "2023-04-05T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1098"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1784294"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383745"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C3QM-R5GP-MGPM

Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2023-04-12 21:30
VLAI
Details

An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-535"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-05T20:15:00Z",
    "severity": "LOW"
  },
  "details": "An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.",
  "id": "GHSA-c3qm-r5gp-mgpm",
  "modified": "2023-04-12T21:30:20Z",
  "published": "2023-04-05T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3375"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1710533"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/376041"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.