gitlab dynamic-application-security-testing-analyzer CVE-2022-3767 is a vulnerability in GitLab Dynamic Application Security Testing Analyzer
Published on March 9, 2023

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.

NVD

Vulnerability Analysis

CVE-2022-3767 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2022-3767

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-3767 are published in GitLab Dynamic Application Security Testing Analyzer:

GitLab Dynamic Application Security Testing Analyzer
 

Affected Versions

GitLab DAST Version >=1.11, <3.0.32 is affected by CVE-2022-3767

Exploit Probability

EPSS
0.19%
Percentile
40.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.