First published: Thu Jan 12 2023(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=6.6.0<15.5.7 | |
GitLab GitLab | >=6.6.0<15.5.7 | |
GitLab GitLab | >=15.6.0<15.6.4 | |
GitLab GitLab | >=15.6.0<15.6.4 | |
GitLab GitLab | >=15.7.0<15.7.2 | |
GitLab GitLab | >=15.7.0<15.7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-3514 is medium with a CVSS score of 5.3.
CVE-2022-3514 affects all versions of GitLab CE/EE starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, and all versions starting from 15.7 before 15.7.2.
The vulnerability in CVE-2022-3514 is a regex issue in the submodule functionality of GitLab, which can be exploited by an attacker to cause Denial of Service (DoS) on a GitLab instance.
An attacker can exploit CVE-2022-3514 by exploiting the regex issue in the submodule functionality of GitLab to cause Denial of Service (DoS) on a GitLab instance.
Yes, a fix for CVE-2022-3514 is available. It is recommended to update GitLab CE/EE to versions 15.5.7, 15.6.4, or 15.7.2 or later.