PT-2023-14179 · Gitlab · Gitlab Dast Analyzer

Joaxcaron

Published

2023-03-08

Updated

2025-03-04

CVE-2022-4315

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab DAST analyzer versions 2.0 through 3.0.55

Description An issue has been discovered in the GitLab DAST analyzer, which sends custom request headers with every request on the authentication page.

Recommendations For versions 2.0 through 3.0.55, update to version 3.0.55 or later to resolve the issue.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BIT-GITLAB-2022-4315

CVE-2022-4315

Affected Products

Gitlab Dast Analyzer

PT-2023-14179 · Gitlab · Gitlab Dast Analyzer

CVE-2022-4315

Weakness Enumeration

Related Identifiers

Affected Products

References · 10