How severe is CVE-2022-2592?

CVE-2022-2592 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2022-2592

Name: gitlab
Author: gitlab

6.5MEDIUM

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a m

发布于: 10/17/2022更新于: 5/13/2025

描述

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.

AI分析AI驱动

受影响产品

gitlabgitlab

参考资料

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/362566
Broken LinkThird Party Advisory
https://hackerone.com/reports/1544507
Permissions RequiredThird Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/362566
Broken LinkThird Party Advisory
https://hackerone.com/reports/1544507
Permissions RequiredThird Party Advisory