Vulnerability Details : CVE-2023-0326
An issue has been discovered in the GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers were leaked in vulnerability report evidence.
Products affected by CVE-2023-0326
- GitLab » Dynamic Application Security Testing Analyzer, versions from and including (>=) 1.6.50 and before (<) 2.11.0; CPE: cpe:2.3:a:gitlab:dynamic_application_security_testing_analyzer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0326
EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
Percentile: ~27% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-0326
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 3.1 | 1.4 | GitLab Inc. | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
References for CVE-2023-0326
- https://gitlab.com/gitlab-org/gitlab/-/issues/388132 (Exploit; Vendor Advisory): DAST API scanner exposes Authorization headers in vulnerability report evidence (#388132) · Issues · GitLab.org / GitLab · GitLab
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0326.json (Vendor Advisory): 2023/CVE-2023-0326.json · master · GitLab.org / cves · GitLab
- https://hackerone.com/reports/1826896 (Permissions Required): HackerOne