CVE-2023-0326

4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 39.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Dynamic Application Security Testing Analyzer Gitlab Gitlab Dast API Scanner

Timeline

PublishedMar 27

Latest updateMar 28

Description

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5gitlab/gitlab_dast_api_scanner>=1.6.50, <2.11.0

▶NVDgitlab/dynamic_application_security_testing_analyzer1.6.50 — 2.11.0

🔴Vulnerability Details

GHSA

GHSA-5885-hj3c-73cr: An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1↗2023-03-28

▶

CVEList

CVE-2023-0326: An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1↗2023-03-27

▶

📋Vendor Advisories

GitLab

CVE-2023-0326: An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was lea↗2023-03-27

▶