Lucene search

K

[email protected]NVD:CVE-2022-2908

HistoryOct 17, 2022 - 4:15 p.m.

CVE-2022-2908

2022-10-1716:15:21

CWE-1333

[email protected]

web.nvd.nist.gov

dos vulnerability

gitlab ce/ee

high cpu usage

commit message field

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

45.4%

A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field.

Affected configurations

NVD

Node

gitlabgitlabRange10.7.0–15.1.5community

OR

gitlabgitlabRange10.7.0–15.1.5enterprise

OR

gitlabgitlabRange15.2–15.2.3community

OR

gitlabgitlabRange15.2–15.2.3enterprise

OR

gitlabgitlabRange15.3–15.3.1community

OR

gitlabgitlabRange15.3–15.3.1enterprise

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json

gitlab.com/gitlab-org/gitlab/-/issues/363734

hackerone.com/reports/1584156

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

45.4%

Related for NVD:CVE-2022-2908

osv2 prion1 nessus2 cve1 ubuntucve1 veracode1 debiancve1 cvelist1 freebsd1