In GitLab versions starting from 13.3 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, a medium-severity vulnerability, CVE-2024-2743, was detected. This vulnerability allows attackers to modify on-demand DAST scans without authorization, potentially leading to the leakage of sensitive variables and compromising the security of the system. To fix this issue, users should upgrade GitLab to version 17.1.7, 17.2.5, 17.3.2, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-2743.
GitLab: Unauthorized Modification of DAST Scans and Variable Leakage
by the Hossted team
20.09.2024
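To triage an inventory against the affected ranges stated above, the following added example (not part of the original advisory or GitLab's own tooling) maps each instance's version string to the first fixed release it needs. The hostnames and the sample inventory are constructed, and it assumes version strings of the form `major.minor[.patch]` with an optional `v` prefix or suffix such as `-ee`.

```python
import re

# Affected ranges taken from the advisory text: (first affected, first fixed).
AFFECTED = [
    ((13, 3, 0), (17, 1, 7)),
    ((17, 2, 0), (17, 2, 5)),
    ((17, 3, 0), (17, 3, 2)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse '17.2.4', 'v17.2.4-ee' or '17.3' into (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # A missing patch component is treated as 0; suffixes are ignored.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def fixed_version_for(version):
    """Return the first fixed release for an affected version, else None."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def triage(inventory):
    """Map host -> fixed release required (None = outside affected ranges)."""
    return {host: fixed_version_for(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "gitlab-old.example.internal": "13.2.10",
    "gitlab-a.example.internal": "16.11.10-ee",
    "gitlab-b.example.internal": "v17.2.4",
    "gitlab-c.example.internal": "17.3.2-ee",
}

if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY).items():
        status = f"AFFECTED, upgrade to {fix} or later" if fix else "not in affected range"
        print(f"{host}: {status}")
```

Because suffixes are ignored, a pre-release build tagged with a fixed version number is reported as not affected; confirm such builds by hand.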