Vulnerability Description
A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report
CVSS Score
5.0
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Dast Api Scanner | >= 1.6.50, < 2.0.102 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4206.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/383083ExploitIssue TrackingVendor Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4206.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/383083ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2022-4206?
CVE-2022-4206 is a vulnerability with a CVSS score of 5.0 (MEDIUM). A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report
How severe is CVE-2022-4206?
CVE-2022-4206 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4206?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Dast Api Scanner.