CVE-2022-2592

Summary

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.9.8, <15.1.6affected
GitLabGitLab>=15.2, <15.2.4affected
GitLabGitLab>=15.3, <15.3.2affected

Weaknesses

  • Uncontrolled resource consumption in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References