A security vulnerability (CVE-2023-0326) has been discovered in GitLab's DAST API scanner affecting all versions starting from 1.6.50 before 2.11.. This vulnerability causes potentially sensitive information present in Authorization headers to be leaked in vulnerability report evidence. This could enable potential attackers to gain unauthorized access to restricted resources, leading to further system compromise. This blog post will provide an overview of the vulnerability, a code snippet showcasing the issue, along with links to original references and details about the exploit.

Risk: Medium

In the GitLab DAST API scanner, the Authorization header of the request under test was mistakenly copied into the vulnerability report evidence. This header carries credentials such as API keys and bearer tokens, so anyone able to read the report could obtain them. An attacker holding such a credential could then access the restricted resources it protects, potentially leading to privilege escalation or further compromise of the GitLab instance.

The following snippet shows the kind of evidence record the GitLab DAST API scanner produced, with the Authorization header included verbatim:

// Example of a leaked Authorization header in a vulnerability report
{
  "Method": "GET",
  "URL": "https://example.com/api/v1/endpoint",
  "RequestHeaders": {
    "User-Agent": "GitLab-DAST-API-Scanner",
    "Accept": "application/json",
    "Authorization": "Bearer leaked-api-key-goes-here"    // Leaked API key
  }
}

Exploit Details

An attacker could exploit this vulnerability by gaining access to the vulnerability report evidence, which may contain Authorization headers with sensitive data. Once the attacker has the sensitive data, they could potentially use it to gain unauthorized access to restricted resources or escalate their privileges within the GitLab instance. It is worth noting that the attacker would need to have access to the vulnerability report evidence, which is typically only available to authenticated GitLab users with appropriate permissions.

Mitigation and Resolution

GitLab has acknowledged and addressed this issue in version 2.11.. All users running vulnerable versions of the GitLab DAST API scanner (1.6.50 to 2.10.9) are strongly encouraged to upgrade to version 2.11. or later as soon as possible to mitigate the risk associated with this vulnerability.
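Upgrading is the fix for the scanner itself, but the same class of bug is easy to reproduce in any tool that writes request evidence into reports. The example below is added here and is not GitLab's code: it redacts credential-bearing headers from an evidence record shaped like the one shown above and includes a check that a known secret no longer appears in the serialised output. The header list and the evidence record are assumptions constructed for this example.

```python
import json
import re

# Header names whose values are credentials and must never reach report evidence.
# This list is an assumption for the example, not the scanner's own list.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}

REDACTED = "[REDACTED]"


def redact_header_value(name: str, value: str) -> str:
    """Return a safe version of a header value, keeping only the auth scheme."""
    if name.lower() not in SENSITIVE_HEADERS:
        return value
    # For "Scheme credentials" (Bearer, Basic, ...) keep the scheme so an analyst
    # can still see which authentication mechanism the scan exercised.
    m = re.match(r"^([A-Za-z][A-Za-z0-9-]*)\s+\S", value)
    if name.lower() in ("authorization", "proxy-authorization") and m:
        return f"{m.group(1)} {REDACTED}"
    return REDACTED


def redact_evidence(evidence: dict) -> dict:
    """Return a copy of a request/response evidence record with secrets removed."""
    clean = dict(evidence)
    for key in ("RequestHeaders", "ResponseHeaders"):
        headers = evidence.get(key)
        if isinstance(headers, dict):
            # Header names are matched case-insensitively, so "authorization" is caught too.
            clean[key] = {h: redact_header_value(h, v) for h, v in headers.items()}
    return clean


def leaks_secret(evidence: dict, secrets) -> bool:
    """Regression check: does any known secret still appear in the serialised evidence?"""
    blob = json.dumps(evidence)
    return any(s in blob for s in secrets)


# Constructed sample modelled on the leaked evidence record shown above (not real data).
SAMPLE_EVIDENCE = {
    "Method": "GET",
    "URL": "https://example.com/api/v1/endpoint",
    "RequestHeaders": {
        "User-Agent": "GitLab-DAST-API-Scanner",
        "Accept": "application/json",
        "authorization": "Bearer leaked-api-key-goes-here",
    },
}

if __name__ == "__main__":
    print(json.dumps(redact_evidence(SAMPLE_EVIDENCE), indent=2))
```

A check like `leaks_secret` run against the scanner's configured credentials before a report is stored is a cheap regression test for this whole bug class.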

Original References

1. GitLab Security Release: https://about.gitlab.com/releases/2023/05/22/security-release-gitlab-2-11/
2. GitLab Issue Tracker: https://gitlab.com/gitlab-org/security-products/dast/-/issues/56
3. NVD - CVE-2023-0326: https://nvd.nist.gov/vuln/detail/CVE-2023-0326

Conclusion

It is crucial to stay updated with the latest security patches and updates to ensure the safety of your applications and data. It is also essential to ensure that sensitive information is handled securely and not leaked inadvertently. By staying proactive in addressing security issues, users can mitigate the risk associated with potential vulnerabilities in their software stack, preventing unauthorized access and maintaining a strong security posture.

Timeline

Published on: 03/27/2023 22:15:00 UTC
Last modified on: 04/03/2023 18:04:00 UTC