CVE-2022-3767
HIGH
Gitlab Dynamic Application Security T... - Improper Input Validation
Title source: ruleDescription
Missing validation in the DAST analyzer, affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
Scores
CVSS v3
7.7
EPSS
0.0020
EPSS Percentile
41.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Classification
CWE
CWE-20
Status
published
Affected Products (1)
gitlab/dynamic_application_security_testing_analyzer
< 3.0.32
Timeline
Published
Mar 09, 2023
Tracked Since
Feb 18, 2026