CVE-2023-4378: 
GitLab vulnerability analysis and mitigation

A vulnerability (CVE-2023-4378) was discovered in GitLab CE/EE affecting all versions from 11.8 before 16.1.5, all versions from 16.2 before 16.2.5, and all versions from 16.3 before 16.3.1. The vulnerability allows a malicious Maintainer to leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This vulnerability was identified as a bypass of an incomplete fix for CVE-2022-4365 (GitLab Release, NVD).

The vulnerability exists in the URL validation mechanism where the security check only verifies if the new URL starts with the original API host. This implementation flaw allows an attacker to bypass the protection by using a domain that starts with the same string as the legitimate domain. For example, if the legitimate server is hosted on 'example.com', an attacker could use 'example.co' to bypass the check. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N) (GitLab Release).

The successful exploitation of this vulnerability allows an attacker with Maintainer privileges to leak the configured Sentry token. This token provides both read and write access to the Sentry instance, potentially compromising the confidentiality and integrity of error tracking data (GitLab Release).

The vulnerability has been fixed in GitLab versions 16.1.5, 16.2.5, and 16.3.1. Organizations are strongly recommended to upgrade to these or later versions immediately. GitLab.com has already been updated with the patched version (GitLab Release).