The version of GitLab installed on the remote host is prior to 15.6.7, 15.7.6, 15.8.1. It is, therefore, affected by a vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-8-1-RELEASED advisory.
– A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More