CVE-2022-4315
5.0
MEDIUM
CVSS 3.1
EPSS 0.20%
Description
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.
How to fix CVE-2022-4315
To remediate CVE-2022-4315, upgrade the affected package to a fixed version listed below.
- Bitnami/gitlab: upgrade to 3.0.55 or later
Is CVE-2022-4315 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 2.0.0, < 3.0.55
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |