CVE-2022-0151
Published 2022-01-18
CVE-2022-0151: An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions…
Priority: P4 · 22 · medium · CVSS 3.1 base score 4.9
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.11% (62.0th percentile)
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.10 < 14.4.5 | 14.4.5 |
| gitlab | gitlab | >= 14.5.0 < 14.5.3 | 14.5.3 |
| gitlab | gitlab | >= 14.6.0 < 14.6.2 | 14.6.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 4.9 | MEDIUM | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
CISA · 2022-06-08 · CVSS 7.8
CVE-2012-0151 [HIGH] CWE-20 Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
Affected: Microsoft Windows
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-0151
Remediation Due Date: 2022-06-22
CISA · 2022-03-28 · CVSS 7.8
CVE-2016-0151 [HIGH] CWE-264 Microsoft Windows CSRSS Security Feature Bypass Vulnerability
Affected: Microsoft Client-Server Run-time Subsystem (CSRSS)
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows mismanages process tokens, which allows local users to gain privileges via a crafted application.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0151
Remediation Due Date: 2022-04-18
CISA · 2022-03-03 · CVSS 9.8
CVE-2018-0151 [CRITICAL] CWE-119 Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability
Affected: Cisco IOS and IOS XE Software
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-0151
Remediation Due Date: 2022-03-17
GitLab · vendor_gitlab · 2022-01-18 · CVSS 6.5
CVE-2022-0151 [MEDIUM]
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
Debian · vendor_debian · 2022 · CVSS 6.5
CVE-2022-0151 [MEDIUM] gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
GHSA · ghsa_unreviewed · 2022-01-19
GHSA-c9xg-h9c4-4vv6 · CVE-2022-0151 [MEDIUM]
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
OSV · osv · 2022-01-18 · CVSS 4.9
CVE-2022-0151 [MEDIUM]
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-01-18