CVE Database · CVE-2022-4315
CVSS v3.1: 5.0
EPSS: 0.80%
Published: Mar 8, 2023
Modified: Mar 4, 2025
Public PoC / Exploit
No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Weaknesses (CWE)
Affected Products (1)
References (6)