CVE-2022-1428

🗓️ 11 May 2022 14:40:27Reported by GitLabType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 111 Views

GitLab version before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1 improperly verifies throttling limits for authenticated package requests, leading to unenforced limits

Reporter	Title	Published	Views	Family All 14
CNNVD	GitLab 输入验证错误漏洞	3 May 202200:00	–	cnnvd
Cvelist	CVE-2022-1428	11 May 202214:40	–	cvelist
EUVD	EUVD-2022-24742	3 Oct 202520:07	–	euvd
Tenable Nessus	GitLab < 14.8.6 / 14.9.x < 14.9.4 / 14.10.x < 14.10.1 Multiple Vulnerabilities	6 May 202200:00	–	nessus
Tenable Nessus	GitLab < 14.8.6 (CVE-2022-1428)	3 Jan 202400:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition	3 May 202200:00	–	ncsc
NVD	CVE-2022-1428	11 May 202215:15	–	nvd
OpenVAS	GitLab < 14.8.6, 14.9.x < 14.9.4, 14.10.x < 14.10.1 DoS Vulnerability	14 Jun 202200:00	–	openvas
OSV	BIT-GITLAB-2022-1428	6 Mar 202411:16	–	osv
OSV	CVE-2022-1428	11 May 202214:40	–	osv

NVD

Vulners

Node

gitlab gitlabRange<14.8.6community

gitlab gitlabRange<14.8.6enterprise

gitlab gitlabRange14.9.0–14.9.4community

gitlab gitlabRange14.9.0–14.9.4enterprise

gitlab gitlabMatch14.10.0community

gitlab gitlabMatch14.10.0enterprise

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": "<14.8.6"
      },
      {
        "status": "affected",
        "version": ">=14.9, <14.9.4"
      },
      {
        "status": "affected",
        "version": ">=14.10, <14.10.1"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/342481
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1428.json

21 Nov 2024 06:40Current

4.2Medium risk

Vulners AI Score4.2

CVSS 24

CVSS 3.14.3

EPSS0.00139

CWE-770