Lucene search

PRIOn knowledge basePRION:CVE-2022-4317

HistoryMar 09, 2023 - 8:15 p.m.

Cross site request forgery (csrf)

2023-03-0920:15:00

PRIOn knowledge base

www.prio-n.com

gitlab

dast analyzer

version

csrf

security issue

request headers

redirects

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.

CPENameOperatorVersion
dynamic_application_security_testing_analyzerge1.47.0
dynamic_application_security_testing_analyzerlt3.0.51

CPE	Name	Operator	Version
	dynamic_application_security_testing_analyzer	ge	1.47.0
	dynamic_application_security_testing_analyzer	lt	3.0.51

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4317.json

gitlab.com/gitlab-org/gitlab/-/issues/384997

hackerone.com/reports/1767533