CWE-535
AllowedExposure of Information Through Shell Error Message
Abstraction: Variant · Status: Incomplete
A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.
2 vulnerabilities reference this CWE, most recent first.
GHSA-34FG-2J3P-288G
Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2023-04-12 21:30An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.
{
"affected": [],
"aliases": [
"CVE-2023-1098"
],
"database_specific": {
"cwe_ids": [
"CWE-535"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-05T20:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.",
"id": "GHSA-34fg-2j3p-288g",
"modified": "2023-04-12T21:30:20Z",
"published": "2023-04-05T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1098"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1784294"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383745"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C3QM-R5GP-MGPM
Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2023-04-12 21:30An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.
{
"affected": [],
"aliases": [
"CVE-2022-3375"
],
"database_specific": {
"cwe_ids": [
"CWE-535"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-05T20:15:00Z",
"severity": "LOW"
},
"details": "An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.",
"id": "GHSA-c3qm-r5gp-mgpm",
"modified": "2023-04-12T21:30:20Z",
"published": "2023-04-05T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3375"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1710533"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/376041"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.