Information Disclosure Vulnerability in GitLab EE: Group Owners Can Access Public Key for Google Cloud Logging Audit Event Streaming Destination

CVE-2023-3950 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
