Lucene search

PRIOn knowledge basePRION:CVE-2023-1401

HistoryJul 26, 2023 - 7:15 a.m.

Cross site scripting

2023-07-2607:15:00

PRIOn knowledge base

www.prio-n.com

gitlab

dast scanner

cross site scripting

version 3.0.29

version 4.0.5

authorization

cookie leakage

security issue.

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

CPENameOperatorVersion
gitlabge3.0.29
gitlablt4.0.5

CPE	Name	Operator	Version
	gitlab	ge	3.0.29
	gitlab	lt	4.0.5

References

gitlab.com/gitlab-org/gitlab/-/issues/396533

hackerone.com/reports/1889255