CVE-2022-3767

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/377473	Exploit Issue Tracking Patch Vendor Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/377473	Exploit Issue Tracking Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gitlab:dynamic_application_security_testing_analyzer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:20

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json - Vendor Advisory~~	() https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json - Vendor Advisory
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/377473 - Exploit, Issue Tracking, Patch, Vendor Advisory~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/377473 - Exploit, Issue Tracking, Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.7

Information

Published : 2023-03-09 23:15

Updated : 2024-11-21 07:20

NVD link : CVE-2022-3767

Mitre link : CVE-2022-3767

CVE.ORG link : CVE-2022-3767

JSON object : View

Products Affected

gitlab

dynamic_application_security_testing_analyzer

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-3767", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-03-09T23:15:10.833", "references": [{"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json", "tags": ["Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377473", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3767.json", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377473", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host."}], "lastModified": "2024-11-21T07:20:12.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:dynamic_application_security_testing_analyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E20C5474-8A19-45AE-AF93-3628DCD74B63", "versionEndExcluding": "3.0.32", "versionStartIncluding": "1.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}