CVE-2023-0326

Summary

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab DAST API scanner>=1.6.50, <2.11.0affected

Weaknesses

  • Information exposure in GitLab DAST API scanner

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References