CVE-2022-3639
First published: Fri Oct 21 2022(Updated: )
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=10.8.0<15.1.6 | |
| GitLab | >=15.2<15.2.4 | |
| GitLab | >=15.3<15.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3639?
CVE-2022-3639 has a moderate severity level due to its potential to cause denial-of-service (DOS) conditions.
How do I fix CVE-2022-3639?
To fix CVE-2022-3639, you should upgrade your GitLab instance to version 15.1.6, 15.2.4 or 15.3.2 or higher.
What versions of GitLab are affected by CVE-2022-3639?
CVE-2022-3639 affects all GitLab versions from 10.8 before 15.1.6, from 15.2 before 15.2.4, and from 15.3 before 15.3.2.
What kind of vulnerability is CVE-2022-3639?
CVE-2022-3639 is a potential denial-of-service (DOS) vulnerability caused by improper data handling during branch creation.
What can an attacker achieve with CVE-2022-3639?
An attacker could exploit CVE-2022-3639 to trigger high CPU usage on the affected GitLab server, affecting its availability.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/10.8.0
- version/gitlab/15.2
- version/gitlab/15.3