CVE-2022-4315

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-4315
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4315.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4315
Aliases
Published
2023-03-08T00:00:00Z
Modified
2025-12-04T10:38:54.168901Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4315.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/security-products/dast

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/security-products/dast
Events
Introduced
bcd53f7f4e9e74af2233cb651155eaab282bac52
Fixed
90130de506cae25adc7a5db0d43400916b81c575

Affected versions

v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.16.0
v2.17.0
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.23.0
v2.24.0
v2.25.0
v2.26.0
v2.27.0
v2.28.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0
v3.*
v3.0.0
v3.0.1
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.18
v3.0.19
v3.0.2
v3.0.20
v3.0.21
v3.0.22
v3.0.23
v3.0.24
v3.0.25
v3.0.26
v3.0.27
v3.0.28
v3.0.29
v3.0.3
v3.0.30
v3.0.31
v3.0.32
v3.0.33
v3.0.34
v3.0.35
v3.0.36
v3.0.37
v3.0.38
v3.0.39
v3.0.4
v3.0.40
v3.0.41
v3.0.42
v3.0.43
v3.0.44
v3.0.45
v3.0.46
v3.0.47
v3.0.48
v3.0.49
v3.0.5
v3.0.50
v3.0.51
v3.0.52
v3.0.53
v3.0.54
v3.0.6
v3.0.7
v3.0.8
v3.0.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4315.json"