CVE-2022-3411

Summary

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.4, <15.6.7affected
GitLabGitLab>=15.7, <15.7.6affected
GitLabGitLab>=15.8, <15.8.1affected

Weaknesses

  • Uncontrolled resource consumption in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References