6.5

CVE-2022-2455

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version >= 10.0.0 < 15.1.6
GitlabGitlab SwEditionenterprise Version >= 10.0.0 < 15.1.6
GitlabGitlab SwEditioncommunity Version >= 15.2 < 15.2.4
GitlabGitlab SwEditionenterprise Version >= 15.2 < 15.2.4
GitlabGitlab SwEditioncommunity Version >= 15.3 < 15.3.2
GitlabGitlab SwEditionenterprise Version >= 15.3 < 15.3.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.502
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://hackerone.com/reports/1542230
Third Party Advisory
Permissions Required