CVE-2022-3478

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/377788
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/1716296
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/377788
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/1716296
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 12.8.0 (включая) до 15.4.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 12.8.0 (включая) до 15.4.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 15.5.0 (включая) до 15.5.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 15.5.0 (включая) до 15.5.5 (исключая)

cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 21%

0.00066

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-3478

CVSS3: 4.3

ubuntu

около 3 лет назад

CVE-2022-3478

CVSS3: 4.3

debian

около 3 лет назад

An issue has been discovered in GitLab affecting all versions starting ...

GHSA-h782-mprg-p5xv

CVSS3: 4.3

github

около 3 лет назад

EPSS

Процентиль: 21%

0.00066

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-434