Sensitive Information Leak in DAST API Scanner by GitLab
CVE-2022-4206

6.5MEDIUM

Key Information:

Vendor: Gitlab
Status: Dast Api Scanner
Vendor: CVE Published:; 1 February 2023

Summary

A vulnerability has been found in the DAST API Scanner affecting all versions from 1.6.50 up to just before 2.0.102. This issue allows unauthorized exposure of sensitive information by disclosing the Authorization header within the vulnerability report generated by the scanner. This could lead to potential security risks, making it crucial for users to take measures to mitigate this vulnerability and ensure their API interactions remain protected.

Affected Version(s)

DAST API scanner >=1.6.50, <2.0.102

References

https://gitlab.com/gitlab-org/gitlab/-/issues/383083

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Nov 29, 2022

Credit

This vulnerability has been discovered internally by the GitLab team