CVE-2022-1428: 
GitLab vulnerability analysis and mitigation

CVE-2022-1428 is a security vulnerability discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1. The vulnerability relates to incorrect verification of throttling limits for authenticated package requests, which resulted in limits not being enforced (GitLab Release).

The vulnerability is classified as medium severity with a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. The issue stems from improper rack-attack discriminator implementation for authenticated_packages_api when used with a deploy token, which caused throttling limits to not be properly enforced (NVD).

When exploited, this vulnerability could allow authenticated users to bypass the intended rate limiting controls for package requests, potentially leading to resource consumption issues (GitLab Release).

The vulnerability has been fixed in GitLab versions 14.8.6, 14.9.4, and 14.10.1. Users are strongly recommended to upgrade to these or later versions to address this security issue (GitLab Release).