CVE-2022-1428
First published: Wed May 11 2022(Updated: )
An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <14.8.6 | |
| GitLab | <14.8.6 | |
| GitLab | >=14.9.0<14.9.4 | |
| GitLab | >=14.9.0<14.9.4 | |
| GitLab | =14.10.0 | |
| GitLab | =14.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-1428?
CVE-2022-1428 is considered a high-severity vulnerability due to the improper verification of throttling limits.
How do I fix CVE-2022-1428?
To fix CVE-2022-1428, update GitLab to version 14.8.6 or newer, or to versions 14.9.4 or 14.10.1.
What versions are affected by CVE-2022-1428?
CVE-2022-1428 affects GitLab versions prior to 14.8.6, versions 14.9.0 to 14.9.3, and version 14.10.0.
What problems does CVE-2022-1428 cause?
CVE-2022-1428 can lead to the failure of throttling limits for authenticated package requests, potentially resulting in abuse.
Is CVE-2022-1428 a remote attack vulnerability?
Yes, CVE-2022-1428 can be exploited remotely by authenticated users making package requests.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/14.9.0
- version/gitlab/14.10.0