Lucene search

GitLabCVELIST:CVE-2022-4315

HistoryMar 08, 2023 - 12:00 a.m.

CVE-2022-4315

2023-03-0800:00:00

GitLab

www.cve.org

gitlab

dast analyzer

custom request headers

authentication page

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

CNA Affected

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "versions": [
      {
        "version": ">=2.0, <3.0.55",
        "status": "affected"
      }
    ]
  }
]

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4315.json

gitlab.com/gitlab-org/gitlab/-/issues/384995

hackerone.com/reports/1767525

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

Related for CVELIST:CVE-2022-4315