First published: Mon Mar 27 2023
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers were leaked in vulnerability report evidence.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Dynamic Application Security Testing Analyzer | >=1.6.50 <2.11.0 | |
The vulnerability ID for this issue is CVE-2023-0326.
CVE-2023-0326 has a severity rating of 4.3 (medium).
All versions starting from 1.6.50 before 2.11.0 of GitLab DAST API scanner are affected.
This vulnerability causes Authorization headers to be leaked in the vulnerability report evidence.
Additional information and references are available at the following links: [CVE-2023-0326 JSON](https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0326.json), [GitLab Issue #388132](https://gitlab.com/gitlab-org/gitlab/-/issues/388132), [HackerOne Report #1826896](https://hackerone.com/reports/1826896).