CVE-2022-3283
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
17/10/2022
Last modified:
13/05/2025
Description
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.2.5 (excluding) | |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.2.5 (excluding) | |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.3 (including) | 15.3.4 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.3 (including) | 15.3.4 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 15.4 (including) | 15.4.1 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 15.4 (including) | 15.4.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/361982
- https://hackerone.com/reports/1543718
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/361982
- https://hackerone.com/reports/1543718