Lucene search

GoogleOSV:CVE-2023-0326

HistoryMar 27, 2023 - 10:15 p.m.

CVE-2023-0326

2023-03-2722:15:21

Google

osv.dev

gitlab

dast

api

scanner

vulnerability

authorization headers

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.1%

JSON

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.

CPENameOperatorVersion
dasteq1.36.0
dasteq1.32.0
dasteq1.20.0
dasteq1.33.0
dasteq2.5.0
dasteq2.1.0
dasteq1.22.0
dasteq1.39.0
dasteq1.7.0
dasteq1.4.0

Name	Operator	Version
dast	eq	1.36.0
dast	eq	1.32.0
dast	eq	1.20.0
dast	eq	1.33.0
dast	eq	2.5.0
dast	eq	2.1.0
dast	eq	1.22.0
dast	eq	1.39.0
dast	eq	1.7.0
dast	eq	1.4.0

Rows per page:

1-10 of 961

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0326.json

gitlab.com/gitlab-org/gitlab/-/issues/388132

hackerone.com/reports/1826896