Lucene search

K
cvelistGitLabCVELIST:CVE-2021-22166
HistoryJan 15, 2021 - 3:13 p.m.

CVE-2021-22166

2021-01-1515:13:51
GitLab
www.cve.org
8
prometheus
denial of service
gitlab 13.7+
http request
malformed method

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

50.6%

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method

CNA Affected

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=13.7, <13.7.2"
      }
    ]
  }
]

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

50.6%