CVE-2022-0477 Information
Jun 07, 2022
cve
Description
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4 all versions starting from 14.6.0 before 14.6.4 all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Reference
https://gitlab.com/gitlab-org/gitlab/-/issues/348166 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0477.json
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
4.9
Share on: