First published: Wed Mar 08 2023(Updated: )
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
Gitlab Dynamic Application Security Testing Analyzer | >=2.0.0<3.0.55 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-4315 is medium with a severity value of 6.5.
All versions of GitLab DAST analyzer starting from 2.0 before 3.0.55 are affected by CVE-2022-4315.
The issue in GitLab DAST analyzer caused by CVE-2022-4315 is the sending of custom request headers with every request on the authentication page.
Yes, references for CVE-2022-4315 can be found at the following locations: [https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4315.json](https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4315.json), [https://gitlab.com/gitlab-org/gitlab/-/issues/384995](https://gitlab.com/gitlab-org/gitlab/-/issues/384995), [https://hackerone.com/reports/1767525](https://hackerone.com/reports/1767525).
The Common Weakness Enumeration (CWE) ID for CVE-2022-4315 is CWE-863.