PT-2022-4617 · Gitlab · Gitlab Ce/Ee+1

Published: 2022-08-30 · Updated: 2025-05-13 · CVE-2022-2592

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions prior to 15.1.6
GitLab CE/EE version 15.2 prior to 15.2.4
GitLab CE/EE version 15.3 prior to 15.3.2

Description

The issue is related to insufficient input validation in GitLab, allowing a remote attacker to cause a denial of service. Specifically, a lack of length validation in Snippet descriptions enables an authenticated attacker to create a maliciously large Snippet. When this Snippet is requested, either with or without authentication, it places an excessive load on the server, potentially leading to a denial of service.

Recommendations

For GitLab CE/EE versions prior to 15.1.6, update to version 15.1.6 or later.
For GitLab CE/EE version 15.2 prior to 15.2.4, update to version 15.2.4 or later.
For GitLab CE/EE version 15.3 prior to 15.3.2, update to version 15.3.2 or later.

Related Identifiers

BDU:2022-05495
BIT-GITLAB-2022-2592
CVE-2022-2592

Affected Products

Gitlab
Gitlab Ce/Ee