CVE-2023-1401

medium

Description

An issue has been discovered in the GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization.

References

https://hackerone.com/reports/1889255

https://gitlab.com/gitlab-org/gitlab/-/issues/396533

Details

Source: Mitre, NVD

Published: 2023-07-26

Updated: 2024-10-08

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium