CVE-2022-0489 — Uncontrolled Resource Consumption in Gitlab

CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

5.7MEDIUMNVD

EPSS

0.2%

top 58.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedApr 1

Latest updateApr 3

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 2.1 | Impact: 3.6

Affected Packages5 packages

▶NVDgitlab/gitlab8.15.0 — 14.6.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=14.7, <14.7.4, >=14.8, <14.8.2, >=8.15, <14.6.5+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-42mj-q9qp-h3gm: An issue has been discovered in GitLab CE/EE affecting all versions starting with 8↗2022-04-03

▶

OSV

CVE-2022-0489: An issue has been discovered in GitLab CE/EE affecting all versions starting with 8↗2022-04-01

▶

📋Vendor Advisories

GitLab

CVE-2022-0489: An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature wi↗2022-04-01

▶

Debian

CVE-2022-0489: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting wit...↗2022

▶