CVE-2022-2931: 
GitLab vulnerability analysis and mitigation

A potential Denial of Service (DoS) vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2. The vulnerability allowed malformed content added to the issue description to trigger high CPU usage (NVD, GitLab Release).

The vulnerability is tracked as CVE-2022-2931 with a CVSS v3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicating high severity. The issue is related to improper handling of malformed content in the issue preview functionality, which could trigger excessive CPU utilization. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) (NVD).

When exploited, the vulnerability could cause high CPU usage for extended periods (up to 60 seconds per request), potentially leading to a complete denial of service of the GitLab instance. Multiple parallel requests could be used to amplify the impact and make the server completely unavailable (GitLab Issue).

The vulnerability has been patched in GitLab versions 15.1.6, 15.2.4, and 15.3.2. Users are strongly recommended to upgrade to one of these versions or newer to mitigate the vulnerability. GitLab.com has already been updated with the patched version (GitLab Release).

The vulnerability was reported through GitLab's HackerOne bug bounty program by legit-security. GitLab addressed the issue promptly and included it in their critical security release, demonstrating their commitment to maintaining security standards (GitLab Release).