Redirect Vulnerability in GitLab DAST Analyzer
CVE-2022-4317

5MEDIUM

Key Information:

Vendor: Gitlab
Status: Dast
Vendor: CVE Published:; 9 March 2023

Summary

A security issue exists in the GitLab DAST Analyzer that allows for the manipulation of custom request headers during redirects. This vulnerability affects all versions of the DAST Analyzer from 1.47 up to, but not including, 3.0.51. Attackers may exploit this flaw to conduct malicious actions, making it critical for users to apply updates to mitigate risks associated with untrusted redirects.

Affected Version(s)

DAST >=1.47, <3.0.51

References

https://gitlab.com/gitlab-org/gitlab/-/issues/384997

https://hackerone.com/reports/1767533

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 9, 2023
Vulnerability Reserved
Dec 6, 2022

Credit

Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program