CVE-2023-1401

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 5

CVSS3: 4.3

EPSS Низкий

Описание

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

Ссылки

https://gitlab.com/gitlab-org/gitlab/-/issues/396533
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/1889255
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/396533
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/1889255
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 3.0.29 (включая) до 4.0.5 (исключая)

EPSS

Процентиль: 27%

0.00096

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-201

NVD-CWE-Other

Связанные уязвимости

GHSA-cjjr-h37f-5xw7

CVSS3: 5

github

больше 2 лет назад

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

EPSS

Процентиль: 27%

0.00096

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-201

NVD-CWE-Other