Lucene search

GoogleOSV:BIT-GITLAB-2021-22187

HistoryMar 06, 2024 - 11:20 a.m.

BIT-gitlab-2021-22187

2024-03-0611:20:20

Google

osv.dev

issue

gitlab

resource exhaustion

running jobs

pending jobs

project deletion

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted.

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22187.json

gitlab.com/gitlab-org/gitlab/-/issues/300452

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Related for OSV:BIT-GITLAB-2021-22187