CVE-2022-3767

Summary

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.

Affected Software

VendorProductVersion RangeStatus
GitLabDAST>=1.11, <3.0.32affected

Weaknesses

  • Vulnerability in DAST

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References