CVE-2022-4206

Summary

A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report

Affected Software

VendorProductVersion RangeStatus
GitLabDAST API scanner>=1.6.50, <2.0.102affected

Weaknesses

  • Information exposure in DAST API scanner

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References