CVE-2023-0326

5.0 MEDIUM

📋 TL;DR

This vulnerability in GitLab DAST API scanner versions 1.6.50 through 2.10.x leaks Authorization headers in vulnerability report evidence. This exposes authentication tokens and credentials to users with access to vulnerability reports. All GitLab instances using the affected DAST API scanner versions are impacted.

💻 Affected Systems

Products:
  • GitLab DAST API scanner
Versions: 1.6.50 through 2.10.x (all versions before 2.11.0)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects GitLab instances using the DAST API scanner feature. The vulnerability is in the scanner itself, not the main GitLab application.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers with access to vulnerability reports could steal authentication tokens, potentially gaining unauthorized access to internal systems or sensitive data.

🟠 Likely Case

Internal users or automated systems with report access inadvertently expose credentials, leading to credential leakage within the organization.

🟢 If Mitigated

With proper access controls limiting vulnerability report access, impact is minimal as only authorized security personnel would see the leaked headers.

🌐 Internet-Facing: MEDIUM - If vulnerability reports are accessible externally or through integrations, credentials could be exposed to attackers.
🏢 Internal Only: MEDIUM - Internal users with report access could misuse or accidentally expose leaked credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - No technical exploitation required; simply viewing vulnerability reports reveals the headers.

Exploitation requires access to vulnerability reports generated by the DAST API scanner. This is typically an information disclosure issue rather than an active attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.11.0

Vendor Advisory: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0326.json

Restart Required: No

Instructions:

1. Update GitLab DAST API scanner to version 2.11.0 or later.
2. For GitLab Ultimate/self-managed: Update through GitLab's package manager.
3. For GitLab.com SaaS: Already patched by GitLab.
4. Verify scanner version after update.

🔧 Temporary Workarounds

Restrict vulnerability report access

all

Limit access to DAST vulnerability reports to only essential security personnel.

Disable DAST API scanner

all

Temporarily disable the DAST API scanner feature until patched.

In GitLab CI/CD configuration, remove or comment out DAST API scanner job definitions.

🧯 If You Can't Patch

  • Implement strict access controls on vulnerability reports to limit exposure
  • Monitor access logs to vulnerability reports for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check GitLab DAST API scanner version. If between 1.6.50 and 2.10.x, you are vulnerable.

Check Version:

Check GitLab CI/CD pipeline logs for the DAST API scanner version output, or review the scanner configuration in .gitlab-ci.yml.

Verify Fix Applied:

Verify scanner version is 2.11.0 or later. Check that Authorization headers no longer appear in vulnerability report evidence.
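A way to automate the second check, as an added example that is not part of this advisory or of GitLab's own tooling: walk a DAST report JSON and flag any Authorization (or similar credential-bearing) header that survives in the evidence, then produce a redacted copy that is safe to share. The report shape below is a constructed sample; the exact gl-dast-report.json schema is an assumption, so the walker matches on header names anywhere in the document rather than on fixed paths.

```python
import json
import sys

# Constructed sample shaped like a GitLab DAST API report (gl-dast-report.json);
# the exact schema is an assumption, so the walker matches header names anywhere.
SAMPLE_REPORT = {"vulnerabilities": [{"id": "example-1", "evidence": {
    "request": {"method": "GET", "url": "https://api.example.test/v1/users",
                "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED_TOKEN"},
                            {"name": "Accept", "value": "application/json"}]},
    "response": {"headers": {"Content-Type": "application/json"}}}}]}

SENSITIVE = {"authorization", "proxy-authorization", "cookie"}

def find_sensitive_headers(node, path="$"):
    """Yield (json_path, header_name, value) for every sensitive header, whether
    stored as a {"name": ..., "value": ...} entry or as a plain dict key."""
    if isinstance(node, dict):
        name = node.get("name")
        if isinstance(name, str) and name.lower() in SENSITIVE and "value" in node:
            yield path, name, node["value"]
        for key, child in node.items():
            if isinstance(key, str) and key.lower() in SENSITIVE:
                yield f"{path}.{key}", key, child
            yield from find_sensitive_headers(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_sensitive_headers(child, f"{path}[{i}]")

def redact(node):
    """Return a copy of the report with sensitive header values masked."""
    if isinstance(node, dict):
        out = {k: ("[REDACTED]" if isinstance(k, str) and k.lower() in SENSITIVE
                   else redact(v)) for k, v in node.items()}
        if isinstance(out.get("name"), str) and out["name"].lower() in SENSITIVE and "value" in out:
            out["value"] = "[REDACTED]"
        return out
    if isinstance(node, list):
        return [redact(c) for c in node]
    return node

if __name__ == "__main__":
    # Usage: python check_dast_report.py gl-dast-report.json (no argument: sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    hits = list(find_sensitive_headers(report))
    for path, name, _ in hits:
        print(f"leaked {name} header at {path}")
    sys.exit(1 if hits else 0)
```

Run it against a report produced after upgrading to 2.11.0; a non-zero exit means credential-bearing headers are still present in the evidence.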

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to vulnerability reports
  • Unusual patterns of report access

Network Indicators:

  • Unexpected external requests to vulnerability report endpoints

SIEM Query:

source="gitlab" AND (event="vulnerability_report_access" OR resource="dast_reports") AND user NOT IN [authorized_users]

🔗 References