DoS: taking down a 1k-user GitLab EE instance or multiple Sidekiq instances by importing a malicious repo from a GitHub EE self-hosted server
Medium
GitLab
Team Summary
Official summary from GitLab
This report described a vulnerability in GitLab where an attacker could cause a server-side denial of service by importing a malicious payload via the GitHub importer functionality. More details can be found at https://gitlab.com/gitlab-org/gitlab/-/issues/463092
Reported by: a92847865
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Uncontrolled Resource Consumption