CVE-2022-2592
6.5MEDIUMA lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a m
Veröffentlicht: 10/17/2022Aktualisiert: 5/13/2025
Beschreibung
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
KI-AnalyseKI-gestützt
Betroffene Produkte
gitlabgitlab
gitlabgitlab
gitlabgitlab
gitlabgitlab
gitlabgitlab
gitlabgitlab
Referenzen
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/362566Broken LinkThird Party Advisory
- https://hackerone.com/reports/1544507Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/362566Broken LinkThird Party Advisory
- https://hackerone.com/reports/1544507Permissions RequiredThird Party Advisory