SecuritySpace - CVE-2022-3759

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2022-3759

Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.

Test IDs: 1.3.6.1.4.1.25623.1.0.124269

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2022-3759
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3759.json
https://gitlab.com/gitlab-org/gitlab/-/issues/379633
https://gitlab.com/gitlab-org/gitlab/-/issues/379633
https://hackerone.com/reports/1736230
https://hackerone.com/reports/1736230

CVE ID:	CVE-2022-3759
Description:	An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.
Test IDs:	1.3.6.1.4.1.25623.1.0.124269
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2022-3759 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3759.json https://gitlab.com/gitlab-org/gitlab/-/issues/379633 https://gitlab.com/gitlab-org/gitlab/-/issues/379633 https://hackerone.com/reports/1736230 https://hackerone.com/reports/1736230