First published: Thu Mar 09 2023
Missing validation in the DAST analyzer, affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab Dynamic Application Security Testing Analyzer | >=1.11.0, <3.0.32 | |
CVE-2022-3767 is a vulnerability that affects the GitLab Dynamic Application Security Testing Analyzer.
CVE-2022-3767 allows custom request headers to be sent with every request, regardless of the host, in versions of the GitLab Dynamic Application Security Testing Analyzer from 1.11.0 up to, but not including, 3.0.32.
CVE-2022-3767 has a severity rating of high (6.5).
Versions of the GitLab Dynamic Application Security Testing Analyzer from 1.11.0 up to, but not including, 3.0.32 are affected by CVE-2022-3767.
To fix CVE-2022-3767, update GitLab Dynamic Application Security Testing Analyzer to a version newer than 3.0.32.