CVE-2022-4317
5 MEDIUM
Summary
An issue has been discovered in the GitLab DAST analyzer, affecting all versions starting from 1.47 before 3.0.51, in which the analyzer sends custom request headers in redirects.
Affected Version(s)
DAST >=1.47, <3.0.51
References
CVSS V3.1
Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database
Mitre Database
Credit
Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program.