CVE-2022-2592

Published: Oct 17, 2022Modified: May 13, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 15.1.6
Gitlab Gitlab	From 15.2 to 15.2.4
Gitlab Gitlab	From 15.3 to 15.3.2
Gitlab Gitlab	Before 15.1.6
Gitlab Gitlab	From 15.2 to 15.2.4
Gitlab Gitlab	From 15.3 to 15.3.2

Related CWEs

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/362566

Source: cve@gitlab.com

Broken LinkThird Party Advisory

https://hackerone.com/reports/1544507

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/362566

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://hackerone.com/reports/1544507

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.