Vulnerability Description
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | < 15.1.6 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/361982Third Party Advisory
- https://hackerone.com/reports/1543718Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/361982Third Party Advisory
- https://hackerone.com/reports/1543718Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/361982Third Party Advisory
FAQ
What is CVE-2022-2931?
CVE-2022-2931 is a vulnerability with a CVSS score of 7.5 (HIGH). A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malform...
How severe is CVE-2022-2931?
CVE-2022-2931 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2931?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.