CVE-2022-1426 - log back

CVE-2022-1426 edited at 09 May 2022 10:08:18
Description
- An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.
+ GitLab from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1 was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.
CVE-2022-1426 edited at 09 May 2022 10:04:37
Type
- Denial of service
+ Authentication bypass
Description
- An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.
+ An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.
CVE-2022-1426 edited at 09 May 2022 10:03:31
Severity
- Unknown
+ Low
Type
- Unknown
+ Denial of service
Description
+ An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.
References
Notes
CVE-2022-1426 created at 09 May 2022 08:57:49