CVE-2023-3917

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/417896	Broken Link
https://hackerone.com/reports/2055158	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.4.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.4.0::::enterprise:::

History

03 Oct 2024, 07:15

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-1287

03 Oct 2023, 15:25

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:16.4.0::::community::: cpe:2.3:a:gitlab:gitlab:16.4.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
First Time		Gitlab Gitlab gitlab
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/417896 -~~	(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/417896 - Broken Link
References	~~(MISC) https://hackerone.com/reports/2055158 -~~	(MISC) https://hackerone.com/reports/2055158 - Permissions Required
CWE		NVD-CWE-noinfo

29 Sep 2023, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-29 07:15

Updated : 2024-10-03 07:15

NVD link : CVE-2023-3917

Mitre link : CVE-2023-3917

CVE.ORG link : CVE-2023-3917

JSON object : View

Products Affected

gitlab

gitlab

CWE

NVD-CWE-noinfo CWE-1287

Improper Validation of Specified Type of Input

{"id": "CVE-2023-3917", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-09-29T07:15:13.557", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417896", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2055158", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-1287"}]}], "descriptions": [{"lang": "en", "value": "Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail."}, {"lang": "es", "value": "La Denegaci\u00f3n de Servicio en pipelines afectan a todas las versiones de Gitlab EE y CE anteriores a 16.2.8, 16.3 anterior a 16.3.5 y 16.4 anterior a 16.4.1 permite que un atacante provoque fallas en los pipelines."}], "lastModified": "2024-10-03T07:15:14.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "F9180E94-B3C4-4DD4-A2DA-B6E818DAFFF4", "versionEndExcluding": "16.2.8"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CC944069-5F94-4E2A-A13F-5D070BA4E5EB", "versionEndExcluding": "16.2.8"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "50271B2B-7070-4ED0-AB68-65B99D44A68A", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589", "versionEndExcluding": "16.3.5", "versionStartIncluding": "16.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B5D4FDD1-7A68-4245-A4D5-842E4FD03FAE"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}