CVE-2023-1401 - Vulnerability Details - OpenCVE

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00096.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-23657	An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

Fixes

Solution

Upgrade to versions 4.0.5 or above.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/396533
https://hackerone.com/reports/1889255

History

Tue, 08 Oct 2024 20:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-668	NVD-CWE-Other

Thu, 03 Oct 2024 07:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 03 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Exposure of Sensitive Information to an Unauthorized Actor in GitLab	Insertion of Sensitive Information Into Sent Data in GitLab
Weaknesses		CWE-201

Thu, 19 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-07-26T06:01:46.447Z

Updated: 2025-05-22T04:05:03.542Z

Reserved: 2023-03-14T16:20:00.289Z

Link: CVE-2023-1401

Vulnrichment

Updated: 2024-08-02T05:49:11.372Z

NVD

Status : Analyzed

Published: 2023-07-26T07:15:09.103

Modified: 2025-05-05T14:14:52.670

Link: CVE-2023-1401

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1401", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-03-14T16:20:00.289Z", "datePublished": "2023-07-26T06:01:46.447Z", "dateUpdated": "2025-05-22T04:05:03.542Z"}, "containers": {"cna": {"title": "Insertion of Sensitive Information Into Sent Data in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "3.0.29", "status": "affected", "lessThan": "4.0.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data", "cweId": "CWE-201", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/396533", "name": "GitLab Issue #396533", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/1889255", "name": "HackerOne Bug Bounty Report #1889255", "tags": ["technical-description", "exploit", "permissions-required", "broken-link"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 4.0.5 or above."}], "credits": [{"lang": "en", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-05-22T04:05:03.542Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:49:11.372Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/396533", "name": "GitLab Issue #396533", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/1889255", "name": "HackerOne Bug Bounty Report #1889255", "tags": ["technical-description", "exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T14:03:48.092750Z", "id": "CVE-2023-1401", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T14:04:16.310Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/396533", "name": "GitLab Issue #396533", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/1889255", "name": "HackerOne Bug Bounty Report #1889255", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:49:11.372Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1401", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T14:03:48.092750Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T14:04:10.979Z"}}], "cna": {"title": "Insertion of Sensitive Information Into Sent Data in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "3.0.29", "lessThan": "4.0.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 4.0.5 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/396533", "name": "GitLab Issue #396533", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/1889255", "name": "HackerOne Bug Bounty Report #1889255", "tags": ["technical-description", "exploit", "permissions-required", "broken-link"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-05-22T04:05:03.542Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1401", "state": "PUBLISHED", "dateUpdated": "2025-05-22T04:05:03.542Z", "dateReserved": "2023-03-14T16:20:00.289Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-07-26T06:01:46.447Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "matchCriteriaId": "F96480B2-9541-4E3E-BD5E-A93D2AA8D8D3", "versionEndExcluding": "4.0.5", "versionStartIncluding": "3.0.29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization."}], "id": "CVE-2023-1401", "lastModified": "2025-05-05T14:14:52.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-26T07:15:09.103", "references": [{"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/396533"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1889255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/396533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1889255"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}