{"id":"CVE-2023-6944","summary":"Rhdh: catalog-import function leaks credentials to frontend","details":"A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.","aliases":["GHSA-86rg-pf4c-5grg"],"modified":"2026-05-28T04:09:22.508323025Z","published":"2024-01-04T10:02:38.088Z","database_specific":{"cwe_ids":["CWE-209"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6944.json","cna_assigner":"redhat"},"references":[{"type":"WEB","url":"https://catalog.redhat.com/software/containers/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2024:5869"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-6944"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6944.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6944"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255204"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/backstage/backstage","events":[{"introduced":"0"},{"fixed":"81d6a2568434ae1a1e2784fbb6e9699f55968eac"}],"database_specific":{"cpe":"cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"1.21.0"}]}}],"versions":["v1.21.0-next.4","v1.21.0-next.3","v1.21.0-next.2","v1.21.0-next.1","v1.21.0-next.0","v1.20.0","v1.20.0-next.2","v1.20.0-next.1","v1.20.0-next.0","v1.19.0","v1.19.0-next.2","v1.19.0-next.1","v1.19.0-next.0","v1.18.0","v1.18.0-next.3","v1.18.0-next.2","v1.18.0-next.1","v1.18.0-next.0","v1.17.0","v1.15.0-next.1","v1.17.0-next.2","v1.17.0-next.1","v1.17.0-next.0","v1.16.0","v1.16.0-next.2","v1.16.0-next.1","v1.16.0-next.0","v1.15.0","v1.15.0-next.3","v1.15.0-next.2","v1.15.0-next.0","v1.14.0","v1.14.0-next.2","v1.14.0-next.1","v1.13.0","v1.14.0-next.0","v1.13.0-next.3","v1.13.0-next.2","v1.13.0-next.1","v1.13.0-next.0","v1.12.0","v1.12.0-next.2","v1.12.0-next.1","v1.12.0-next.0","v1.11.0","v1.11.0-next.2","v1.11.0-next.1","v1.11.0-next.0","v1.10.0","v1.10.0-next.2","v1.10.0-next.1","v1.10.0-next.0","v1.9.0","v1.9.0-next.4","v1.9.0-next.3","v1.9.0-next.2","v1.9.0-next.1","v1.9.0-next.0","v1.8.0-next.1","v1.8.0","v1.8.0-next.2","v1.7.0","v1.8.0-next.0","v1.7.0-next.2","v1.7.0-next.1","v1.7.0-next.0","v1.6.0","v1.6.0-next.3","v1.6.0-next.2","v1.6.0-next.1","v1.5.0","v1.6.0-next.0","v1.5.0-next.3","v1.5.0-next.2","v1.5.0-next.1","v1.5.0-next.0","v1.4.0","v1.4.0-next.3","v1.3.0","v1.4.0-next.1","v1.4.0-next.2","v1.4.0-next.0","v1.3.0-next.2","v1.3.0-next.1","v1.3.0-next.0","v1.2.0","v1.2.0-next.3","v1.2.0-next.2","v1.2.0-next.1","v1.2.0-next.0","v1.1.0","v1.1.0-next.3","v1.1.0-next.2","v1.1.0-next.1","v1.1.0-next.0","v1.0.0","v0.71.0","v0.71.0-next.0","v0.70.0","v0.69.0","v0.68.0","v0.67.0","v0.67.0-next.0","v0.66.0","v0.66.0-next.1","v0.66.0-next.0","v0.65.0","release-2022-01-27","v0.64.1","release-2022-01-20.1","v0.64.0","release-2022-01-20","v0.63.0","release-2022-01-13","v0.63.1","release-2022-01-18","v0.62.0","release-2022-01-04","v0.61.0","release-2021-12-30","v0.60.1","release-2021-12-24","v0.60.0","release-2021-12-23","v0.59.0","release-2021-12-16","v0.58.1","release-2021-12-10","v0.58.0","release-2021-12-09","v0.57.1","release-2021-12-07","v0.57.0","release-2021-12-02","v0.56.0","release-2021-11-25","v0.55.1","release-2021-11-19","v0.55.0","release-2021-11-18","v0.54.4","release-2021-11-17.1","v0.54.3","release-2021-11-17","v0.54.2","release-2021-11-12","v0.54.1","release-2021-11-11.1","v0.54.0","release-2021-11-11","v0.53.3","release-2021-11-08","v0.53.0","release-2021-10-28","v0.53.2","release-2021-10-29.1","v0.53.1","release-2021-10-29","v0.52.1","release-2021-10-22","v0.51.2","release-2021-10-19","v0.52.0","release-2021-10-21","v0.51.1","release-2021-10-16","v0.51.0","release-2021-10-14","v0.50.2","release-2021-10-13","v0.50.1","release-2021-10-11","v0.50.0","release-2021-10-07","release-2021-10-06","release-2021-10-04","v0.49.0","release-2021-09-30","v0.48.1","release-2021-09-28","v0.48.0","release-2021-09-23","v0.47.2","release-2021-09-21","v0.47.1","release-2021-09-17","v0.47.0","release-2021-09-16","v0.46.1","release-2021-09-14","v0.46.0","release-2021-09-09","v0.45.0","release-2021-09-02","v0.44.1","release-2021-08-31","v0.44.0","release-2021-08-26","v0.43.0","release-2021-08-20","v0.42.0","release-2021-08-19","v0.41.1","release-2021-08-17","v0.41.0","release-2021-08-12","v0.40.1","release-2021-08-11","v0.40.0","release-2021-08-05","v0.39.1","release-2021-08-03","v0.39.0","release-2021-07-29","v0.38.0","release-2021-07-22","v0.37.1","release-2021-07-16","v0.37.0","release-2021-07-15","v0.36.2","release-2021-07-14.1","v0.36.1","release-2021-07-14","v0.36.0","release-2021-07-08","v0.35.1","release-2021-07-07","v0.35.0","release-2021-07-01","v0.34.1","release-2021-06-28","v0.34.0","release-2021-06-24","v0.33.3","release-2021-06-21.1","v0.33.2","release-2021-06-21","v0.33.1","release-2021-06-18","v0.33.0","release-2021-06-17.1","v0.32.0","release-2021-06-17","v0.31.0","release-2021-06-10.1","v0.30.1","release-2021-06-10","v0.28.0","release-2021-05-20.1","v0.30.0","release-2021-06-03","v0.29.2","release-2021-06-01","v0.29.1","release-2021-05-31","v0.29.0","release-2021-05-27","v0.24.1","release-2021-05-04","v0.26.0","release-2021-05-12.1","v0.27.0","release-2021-05-20","v0.26.1","release-2021-05-17","v0.25.3","release-2021-05-12","v0.25.2","release-2021-05-11","v0.25.1","release-2021-05-10","v0.25.0","release-2021-05-06","v0.24.0","release-2021-04-29","v0.23.0","release-2021-04-22.1","v0.22.2","release-2021-04-22","v0.22.1","release-2021-04-21","v0.22.0","release-2021-04-15","v0.21.1","release-2021-04-13","v0.20.0","release-2021-03-31","v0.21.0","release-2021-04-08","v0.20.1","release-2021-03-31.1","v0.19.0","release-2021-03-25","v0.18.1","release-2021-03-19","v0.18.0","release-2021-03-18","v0.17.3","release-2021-03-17","v0.17.2","release-2021-03-16","v0.17.1","release-2021-03-11.1","v0.17.0","release-2021-03-11","v0.16.1","release-2021-03-09","v0.16.0","release-2021-03-04","v0.15.0","release-2021-02-23","v0.14.0","release-2021-02-18","v0.13.1","release-2021-02-16","v0.13.0","release-2021-02-11","v0.12.0","release-2021-02-05","v0.11.3","release-2021-02-03","v0.11.2","release-2021-02-01","v0.11.1","release-2021-01-29","v0.11.0","release-2021-01-28","v0.10.0","release-2021-01-21.1","v0.9.0","release-2021-01-21","v0.8.2","release-2021-01-20","v0.8.1","release-2021-01-18","v0.8.0","release-2021-01-14.1","v0.7.0","release-2021-01-14","v0.6.0","release-2021-01-09","v0.5.0","release-2021-01-08","release-2021-1-7","release-2021-01-07","v0.4.3","v0.4.2","v0.4.1","v0.4.0","v0.3.2","v0.3.1","v0.3.0","v0.2.0","v0.1.1","v0.1.1-alpha.26","v0.1.1-alpha.25","v0.1.1-alpha.24","v0.1.1-alpha.23","v0.1.1-alpha.22","v0.1.1-alpha.21","v0.1.1-alpha.20","v0.1.1-alpha.19","v0.1.1-alpha.18","v0.1.1-alpha.17","v0.1.1-alpha.16","v0.1.1-alpha.15","v0.1.1-alpha.13","v0.1.1-alpha.12","v0.1.1-alpha.11","v0.1.1-alpha.10","cli-old-cache-watch","v0.1.1-alpha.8","v0.1.1-alpha.7","v0.1.1-alpha.6","v0.1.1-alpha.5","v0.1.1-alpha.4","v0.1.1-alpha.3","v0.1.1-alpha.2","v0.1.1-alpha.1","v0.1.1-alpha.0","v0.1.0","hackweek-demo"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6944.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}]}