CVE-2022-4206 — Sensitive Information Exposure in Gitlab Dast API Scanner

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 63.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Dast API Scanner Debian Gitlab

Timeline

PublishedFeb 1

Description

A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgitlab/dast_api_scanner1.6.50 — 2.0.102

▶CVEListV5gitlab/dast_api_scanner>=1.6.50, <2.0.102

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

🔴Vulnerability Details

GHSA

GHSA-q474-j5v6-f4jg: A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1↗2023-02-01

▶

OSV

CVE-2022-4206: A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1↗2023-02-01

▶

📋Vendor Advisories

Debian

CVE-2022-4206: gitlab - A sensitive information leak issue has been discovered in all versions of DAST A...↗2022

▶