CVE-2022-2908
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 17/10/2022
Last modified: 13/05/2025
Description
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1. It allowed an attacker to trigger high CPU usage via specially crafted input added in the Commit message field.
Impact
Base Score 3.x: 4.30
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 10.7.0 (including) | 15.1.5 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 10.7.0 (including) | 15.1.5 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.2 (including) | 15.2.3 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.2 (including) | 15.2.3 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.3 (including) | 15.3.1 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.3 (including) | 15.3.1 (excluding) |
References to Advisories, Solutions, and Tools
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/363734
- https://hackerone.com/reports/1584156



