Vulnerabilities > CVE-2022-3411 - Improper Validation of Specified Quantity in Input vulnerability in Gitlab

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gitlab
CWE-1284
NVD
Published: 2023-02-13
Updated: 2023-08-08

Summary

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

Vulnerable Configurations

Part Description Count
Application
Gitlab
603

Common Weakness Enumeration (CWE)

References