CVE-2022-4315

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-4315

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4315.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4315

Aliases

BIT-gitlab-2022-4315

Published

2023-03-08T00:00:00Z

Modified

2026-03-14T11:55:05.832900Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4315.json",
    "cna_assigner": "GitLab"
}

References

Affected packages

Git / gitlab.com/gitlab-org/security-products/dast

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/security-products/dast

Events

Introduced

bcd53f7f4e9e74af2233cb651155eaab282bac52

Fixed

90130de506cae25adc7a5db0d43400916b81c575

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "3.0.55"
        }
    ]
}

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.14.0

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.3.0

v2.4.0

v2.5.0

v2.6.0

v2.7.0

v2.8.0

v2.9.0

v3.*

v3.0.0

v3.0.1

v3.0.11

v3.0.12

v3.0.13

v3.0.14

v3.0.15

v3.0.16

v3.0.17

v3.0.18

v3.0.19

v3.0.2

v3.0.20

v3.0.21

v3.0.22

v3.0.23

v3.0.24

v3.0.25

v3.0.26

v3.0.27

v3.0.28

v3.0.29

v3.0.3

v3.0.30

v3.0.31

v3.0.32

v3.0.33

v3.0.34

v3.0.35

v3.0.36

v3.0.37

v3.0.38

v3.0.39

v3.0.4

v3.0.40

v3.0.41

v3.0.42

v3.0.43

v3.0.44

v3.0.45

v3.0.46

v3.0.47

v3.0.48

v3.0.49

v3.0.5

v3.0.50

v3.0.51

v3.0.52

v3.0.53

v3.0.54

v3.0.6

v3.0.7

v3.0.8

v3.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4315.json"