CVE-2022-3767

medium

Description

Missing validation in the DAST analyzer, affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/377473

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json

Details

Source: Mitre, NVD

Published: 2023-03-09

Updated: 2023-03-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium