CVE-2022-4315

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 51.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Dynamic Application Security Testing Analyzer Gitlab Gitlab

Timeline

PublishedMar 8

Latest updateMar 9

Description

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

▶NVDgitlab/dynamic_application_security_testing_analyzer2.0.0 — 3.0.55

▶CVEListV5gitlab/gitlab>=2.0, <3.0.55

🔴Vulnerability Details

GHSA

GHSA-342h-3rmj-qwv4: An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2↗2023-03-09

▶

CVEList

CVE-2022-4315: An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2↗2023-03-08

▶

📋Vendor Advisories

GitLab

CVE-2022-4315: An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with e↗2023-03-08

▶