CVE-2022-4315

Опубликовано: 08 мар. 2023

Источник: nvd

CVSS3: 5

CVSS3: 6.5

EPSS Низкий

Описание

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4315.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/384995
Exploit
Vendor Advisory
https://hackerone.com/reports/1767525
Permissions Required
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4315.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/384995
Exploit
Vendor Advisory
https://hackerone.com/reports/1767525
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitlab:dynamic_application_security_testing_analyzer:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 3.0.55 (исключая)

EPSS

Процентиль: 27%

0.00098

Низкий

5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-342h-3rmj-qwv4

CVSS3: 6.5

github

почти 3 года назад

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

EPSS

Процентиль: 27%

0.00098

Низкий

5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863