CVE-2023-3917 — Improper Validation of Specified Type of Input in Gitlab

CWE-1287 — Improper Validation of Specified Type of Input CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 62.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedSep 29

Description

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5gitlab/gitlab16.3 — 16.3.5+1

▶NVDgitlab/gitlab16.3.0 — 16.3.5+2

▶debiandebian/gitlab< gitlab 16.4.4+ds2-2 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-7jqp-vcg7-7x84: Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16↗2023-09-29

▶

OSV

CVE-2023-3917: Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16↗2023-09-29

▶

📋Vendor Advisories

GitLab

CVE-2023-3917: Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attac↗2023-09-29

▶

Debian

CVE-2023-3917: gitlab - Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior ...↗2023

▶