How severe is CVE-2022-2592?

CVE-2022-2592 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2022-2592

Name: gitlab
Author: gitlab

6.5MEDIUM

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a m

公開日: 10/17/2022更新日: 5/13/2025

説明

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.

AI分析AIによる分析

影響を受ける製品

gitlabgitlab

参照

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/362566
Broken LinkThird Party Advisory
https://hackerone.com/reports/1544507
Permissions RequiredThird Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/362566
Broken LinkThird Party Advisory
https://hackerone.com/reports/1544507
Permissions RequiredThird Party Advisory