CVE-2022-3767

HIGH

GitLab Dynamic Application Security Testing Analyzer 1.11.0-3.0.32 - Improper Input Validation in Custom Request Headers

Title source: llm

Description

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.

References (2)

Core 2

Core References

Vendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json

Exploit, Issue Tracking, Patch, Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/377473

Scores

CVSS v3 7.7

EPSS 0.0021

EPSS Percentile 43.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

gitlab/dynamic_application_security_testing_analyzer 1.11.0 - 3.0.32

Published Mar 09, 2023

Tracked Since Feb 18, 2026