CVE-2022-1121

Description

A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

gitlab / GitLab Pages<14.7.7 – <14.7.7
gitlab / GitLab Pages>=14.8, <14.8.5 – >=14.8, <14.8.5
gitlab / GitLab Pages>=14.9, <14.9.2 – >=14.9, <14.9.2

References

MISChttps://gitlab.com/gitlab-org/gitlab-pages/-/issues/684
MISChttps://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1121.json