Vulnerability Details : CVE-2022-3283
Potential exploit
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. While cloning an issue, specially crafted content added to the description could have been used to trigger high CPU usage.
Vulnerability category: Denial of service
Products affected by CVE-2022-3283
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3283
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~29% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2022-3283
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | GitLab Inc. |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2022-3283
- The product does not properly control the allocation and maintenance of a limited resource. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2022-3283
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json (2022/CVE-2022-3283.json · master · GitLab.org / cves · GitLab) — Vendor Advisory
- https://hackerone.com/reports/1543718 (HackerOne) — Permissions Required; Third Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/361982 (DOS via issue preview and markdown preview (#361982) · Issues · GitLab.org / GitLab · GitLab) — Exploit; Issue Tracking; Vendor Advisory