CVE-2023-1401 MEDIUM

CVE-2023-1401: Insertion of Sensitive Information Into Sent Data in GitLab

Vendor GitLab
Product GitLab
Weakness CWE-201
Published July 26, 2023
Last update November 20, 2025

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

An issue has been discovered in the GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization.

Key dates

02 Disclosure timeline

July 26, 2023 CVE published
November 20, 2025 Record updated
