119 matches found
CVE-2023-1401
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...
CVE-2023-0326
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence...
CVE-2022-4315
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page...
CVE-2022-4206
A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report...
CVE-2022-4317
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects...
Malicious code in nemo-dast-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38ea0189209023ae2d04586bfbc3d791022f0fa6052dee65ec03832a80ce67a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3073 Malicious code in nemo-dast-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38ea0189209023ae2d04586bfbc3d791022f0fa6052dee65ec03832a80ce67a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mocha-dast-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f8297f30739d5810d9dfb46db787d2d403256217f71cbd9b85c5e8671ff8f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2344 Malicious code in mocha-dast-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f8297f30739d5810d9dfb46db787d2d403256217f71cbd9b85c5e8671ff8f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-3767
Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host...
BIT-GITLAB-2022-4315
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page...
VegaBird Vooki 5.2.9 DLL Hijacking
==================================== CVE ID: CVE-2024-45874 Author: Iulian Florea Vendor: VegaBird Product: Vooki - Dynamic Web Application & REST API Vulnerability Scanner DAST Tool Vulnerability Type: DLL Hijacking ==================================== ==================================== Summar...
BIT-GITLAB-2024-2743 Incorrect Authorization in GitLab
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...
CVE-2024-2743
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...
CVE-2024-2743 Incorrect Authorization in GitLab
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...
CVE-2024-2743
CVE-2024-2743 affects GitLab-EE: vulnerable in versions 13.3–before 17.1.7, 17.2–before 17.2.5, and 17.3–before 17.3.2. Root cause described as incorrect authorization that allows an attacker to modify an on-demand DAST scan without permissions and leak variables. Impact is the ability to alter s...
CVE-2024-2743 Incorrect Authorization in GitLab
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...
CVE-2024-2743 Incorrect Authorization in GitLab
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...
CVE-2024-2743
Removed by vendor...
GitLab 13.3 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-2743)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without...