352 – Insecure service configuration - Non Masked Variables
Description
It is possible to bypass the masking of environment variables when they are printed in the job logs, therefore sensitive data such as passwords, tokens, users, among others are exposed. This is possible because production secrets are saved in unprotected variables of git, therefore a developer could leak these credentials when running pipelines.
Impact
- Get admin credentials. - Read, write and modify Gitlab resources. - Get customer information. - Download information and evidences of customers. - Delete fluid and registries of customer.
Recommendation
Verify that the user who is trying to access the functionalities effectively has the necessary permissions to do so. Encrypt all sensitive information that is transported or stored within the application according to the policies of the organization.
Threat
External attacker allowed to run pipelines.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: H
- Attack Requirements: N
- Privileges required: H
- User interaction: N
- Confidentiality (VC): H
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): H
- Integrity (SI): L
- Availability (SA): L
Threat 4.0
- Exploit maturity: X