CVE-2022-4206

5MEDIUM

Key Information:

Vendor: Gitlab
Status: Dast Api Scanner
Vendor: CVE Published:; 1 February 2023

Summary

A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report

Affected Version(s)

DAST API scanner >=1.6.50, <2.0.102

References

https://gitlab.com/gitlab-org/gitlab/-/issues/383083

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Nov 29, 2022

Collectors

NVD DatabaseMitre Database

Credit

This vulnerability has been discovered internally by the GitLab team