CVE-2022-2592
6.5MEDIUMA lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a m
Publicado: 10/17/2022Atualizado: 5/13/2025
Descrição
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
Análise IADesenvolvido por IA
Produtos Afetados
gitlabgitlab
gitlabgitlab
gitlabgitlab
gitlabgitlab
gitlabgitlab
gitlabgitlab
Referências
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/362566Broken LinkThird Party Advisory
- https://hackerone.com/reports/1544507Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/362566Broken LinkThird Party Advisory
- https://hackerone.com/reports/1544507Permissions RequiredThird Party Advisory