CVE-2022-0151 — Improper Input Validation in Gitlab

CWE-20 — Improper Input Validation CWE-264 CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

4.9MEDIUMNVD

CISA9.8CISA7.8

EPSS

0.3%

top 50.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedJan 18

Latest updateJun 8

Description

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

▶NVDgitlab/gitlab12.10 — 14.4.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=12.10, <14.4.5, >=14.5.0, <14.5.3, >=14.6.0, <14.6.2+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-c9xg-h9c4-4vv6: An issue has been discovered in GitLab affecting all versions starting from 12↗2022-01-19

▶

OSV

CVE-2022-0151: An issue has been discovered in GitLab affecting all versions starting from 12↗2022-01-18

▶

📋Vendor Advisories

CISA

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability↗2022-06-08

▶

CISA

Microsoft Windows CSRSS Security Feature Bypass Vulnerability↗2022-03-28

▶

CISA

Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability↗2022-03-03

▶

GitLab

CVE-2022-0151: An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all↗2022-01-18

▶

Debian

CVE-2022-0151: gitlab - An issue has been discovered in GitLab affecting all versions starting from 12.1...↗2022

▶