6.5

CVE-2022-2592

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version < 15.1.6
GitlabGitlab SwEditionenterprise Version < 15.1.6
GitlabGitlab SwEditioncommunity Version >= 15.2 < 15.2.4
GitlabGitlab SwEditionenterprise Version >= 15.2 < 15.2.4
GitlabGitlab SwEditioncommunity Version >= 15.3 < 15.3.2
GitlabGitlab SwEditionenterprise Version >= 15.3 < 15.3.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.648
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://hackerone.com/reports/1544507
Third Party Advisory
Permissions Required