
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers were leaked in vulnerability report evidence.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0326.json
• https://gitlab.com/gitlab-org/gitlab/-/issues/388132
• https://hackerone.com/reports/1826896

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4317.json
• https://gitlab.com/gitlab-org/gitlab/-/issues/384997
• https://hackerone.com/reports/1767533
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.7 | EPSS: 0% | CPEs: 1 | EXPL: 1

Missing validation in DAST analyzer, affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json
• https://gitlab.com/gitlab-org/gitlab/-/issues/377473

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4315.json
• https://gitlab.com/gitlab-org/gitlab/-/issues/384995
• https://hackerone.com/reports/1767525
• CWE-863: Incorrect Authorization