CVE-2023-3210Regex Denial of Service in Gitlab

CWE-1333Regex Denial of ServiceCWE-400Uncontrolled Resource Consumption6 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 38.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedSep 1
Latest updateDec 8

Description

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5gitlab/gitlab16.316.3.1
NVDgitlab/gitlab15.1116.1.5+2
debiandebian/gitlab< gitlab 16.4.4+ds2-2 (sid)
gitlabgitlab/gitlab

🔴Vulnerability Details

2
OSV
CVE-2023-3210: An issue has been discovered in GitLab affecting all versions starting from 152023-09-01
GHSA
GHSA-qrrr-vqv8-9hcw: An issue has been discovered in GitLab affecting all versions starting from 152023-09-01

📋Vendor Advisories

2
GitLab
CVE-2023-3210: An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all ve2023-09-01
Debian
CVE-2023-3210: gitlab - An issue has been discovered in GitLab affecting all versions starting from 15.1...2023

📄Research Papers

1
arXiv
A Red Teaming Framework for Securing AI in Maritime Autonomous Systems2023-12-08