Lucene search

GitLabVULNRICHMENT:CVE-2023-3917

HistorySep 29, 2023 - 6:02 a.m.

CVE-2023-3917 Improper Input Validation in GitLab

2023-09-2906:02:26

CWE-20

GitLab

github.com

cve-2023-3917

input validation

gitlab

denial of service

pipelines

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.6

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

References

gitlab.com/gitlab-org/gitlab/-/issues/417896

hackerone.com/reports/2055158

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.6

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-3917