Lucene search
GitLabCVE-2022-4315HistoryMar 08, 2023 - 11:15 p.m.
CVE-2022-4315
2023-03-0823:15:10
CWE-863
GitLab
web.nvd.nist.gov
27
cve-2022-4315
gitlab
dast
analyzer
security
vulnerability
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
41.7%
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.
Affected configurations
Node
gitlabdynamic_application_security_testing_analyzerRange2.0.0–3.0.55
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gitlab | dynamic_application_security_testing_analyzer | * | cpe:2.3:a:gitlab:dynamic_application_security_testing_analyzer:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "GitLab",
"product": "GitLab",
"versions": [
{
"version": ">=2.0, <3.0.55",
"status": "affected"
}
]
}
]Related
prion
prion
Authentication flaw
2023-03-08 23:15:00
osv
osv
CVE-2022-4315
2023-03-08 23:15:00
nessus
nessus
GitLab 2.0 < 3.0.55 (CVE-2022-4315)
2024-05-17 00:00:00
nvd
nvd
CVE-2022-4315
2023-03-08 23:15:10
cvelist
cvelist
CVE-2022-4315
2023-03-08 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
41.7%
Related for CVE-2022-4315