Vulnerability Details : CVE-2022-3767
Potential exploit
Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
Products affected by CVE-2022-3767
- Gitlab » Dynamic Application Security Testing AnalyzerVersions from including (>=) 1.11.0 and before (<) 3.0.32cpe:2.3:a:gitlab:dynamic_application_security_testing_analyzer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3767
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3767
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
3.1
|
4.0
|
GitLab Inc. | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-3767
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2022-3767
-
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json
2022/CVE-2022-3767.json · master · GitLab.org / cves · GitLabVendor Advisory
-
https://gitlab.com/gitlab-org/gitlab/-/issues/377473
Restrict sending custom request headers to allowed hosts (#377473) · Issues · GitLab.org / GitLab · GitLabExploit;Issue Tracking;Patch;Vendor Advisory
Jump to