CVE-2023-0326
Summary of CVE-2023-0326 (GitLab DAST API Scanner): Affects GitLab DAST API scanner versions 1.6.50 through 2.11.0. The root cause is leakage of Authorization headers in vulnerability report evidence, exposing credentials in reports. Documented impact is access to sensitive authorization data via...
CVE-2022-3767
CVE-2022-3767 affects the GitLab DAST analyzer, all versions 1.11.0 up to 3.0.31: missing validation allows custom request headers to be sent with every request, regardless of host. The impact includes potential exposure of sensitive data (confidentiality impact) as indicated b...
CVE-2022-4317
CVE-2022-4317 affects GitLab DAST analyzer versions 1.47 through 3.0.50, due to sending custom request headers in redirects. Impact details are not explicitly stated in the provided docs. Remediation: upgrade to version 3.0.51 or later. Exploitation status is not provided in the connected sources.
CVE-2022-4315
GitLab DAST analyzer (versions 2.0 up to, but not including, 3.0.55) is affected by CVE-2022-4315. The issue arises from the analyzer sending custom request headers with every request on the authentication page. This has been characterized with a CVSS baseline of 6.5 (MEDIUM) by NVD, with Network...