CVE-2022-2592
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/10/2022
Last modified:
13/05/2025
Description
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.1.6 (excluding) | |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.1.6 (excluding) | |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.2 (including) | 15.2.4 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.2 (including) | 15.2.4 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.3 (including) | 15.3.2 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.3 (including) | 15.3.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/362566
- https://hackerone.com/reports/1544507
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/362566
- https://hackerone.com/reports/1544507