CVE-2023-1401

Published: Jul 26, 2023Modified: May 5, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

Affected (1)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 3.0.29 to 4.0.5

Related CWEs

CWE-201

Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References (4)

https://gitlab.com/gitlab-org/gitlab/-/issues/396533

Source: cve@gitlab.com

ExploitIssue TrackingVendor Advisory

https://hackerone.com/reports/1889255

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/396533

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://hackerone.com/reports/1889255

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.