CVE-2023-3904 — Improper Validation of Specified Type of Input in Gitlab

CWE-1287 — Improper Validation of Specified Type of Input CWE-284 — Improper Access Control CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.5HIGHNVD

CISA7.8

EPSS

0.0%

top 93.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedDec 15

Description

An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDgitlab/gitlab16.5 — 16.5.4+2

▶CVEListV5gitlab/gitlab16.4.3

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

OSV

CVE-2023-3904: An issue has been discovered in GitLab EE affecting all versions starting before 16↗2023-12-15

▶

GHSA

GHSA-625m-28mg-rq98: An issue has been discovered in GitLab EE affecting all versions starting before 16↗2023-12-15

▶

📋Vendor Advisories

GitLab

CVE-2023-3904: An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions s↗2023-12-15

▶

CISA

Linux Kernel Improper Input Validation Vulnerability↗2023-05-12

▶

Debian

CVE-2023-3904: gitlab - An issue has been discovered in GitLab EE affecting all versions starting before...↗2023

▶