CVE-2022-1121
Published 2022-04-04
Priority P4 · 25 · medium · 5.3 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
1.04%
59.8th percentile
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | < 14.7.7 | 14.7.7 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 14.8.0 < 14.8.5 | 14.8.5 |
| gitlab | gitlab | >= 14.9.0 < 14.9.2 | 14.9.2 |
| gitlab | gitlab_ce | — | — |
| gitlab | gitlab_pages | — | — |
| gitlab | gitlab_pages | — | — |
| gitlab | gitlab_pages | — | — |
CVSS provenance
nvd v3.1: 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd v2.0: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
osv: 5.3 MEDIUM
vendor_debian: 5.3 MEDIUM
GitLab
vendor_gitlab · 2022-04-04 · CVSS 5.3
CVE-2022-1121 [MEDIUM] CWE-770 (Allocation of Resources Without Limits or Throttling)
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
Debian
vendor_debian · 2022 · CVSS 5.3
CVE-2022-1121 [MEDIUM] gitlab
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
GHSA
ghsa · 2022-06-24
CVE-2022-34176 [HIGH] CWE-79 Cross-site Scripting in Jenkins JUnit Plugin
JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.
GHSA
ghsa_unreviewed · 2022-04-05
CVE-2022-1121 [MEDIUM] CWE-770 GHSA-4fff-jcr9-g646
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
OSV
osv · 2022-04-04 · CVSS 5.3
CVE-2022-1121 [MEDIUM]
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-04