CVE-2023-6840
Published: 2024-02-07
Priority: P4 (32) · medium · CVSS 3.1 base score 6.7
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
EPSS: 0.56% (42.6th percentile)
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.6.7-1 (sid) | gitlab 16.6.7-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.4 < 16.6.7 | 16.6.7 |
| gitlab | gitlab | >= 16.4.0 < 16.6.7 | 16.6.7 |
| gitlab | gitlab | >= 16.7 < 16.7.5 | 16.7.5 |
| gitlab | gitlab | >= 16.7.0 < 16.7.5 | 16.7.5 |
| gitlab | gitlab | >= 16.8 < 16.8.2 | 16.8.2 |
| gitlab | gitlab | >= 16.8.0 < 16.8.2 | 16.8.2 |
| gitlab | gitlab_ee | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
| osv | 6.7 | MEDIUM | — |
| vendor_redhat | 7.5 | HIGH | — |
| vendor_debian | 6.7 | MEDIUM | — |
GHSA
GHSA-8jj6-7vgp-rg47 · ghsa_unreviewed · 2024-02-08
CVE-2023-6840 [MEDIUM] CWE-284
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
OSV
CVE-2023-6840 · osv · 2024-02-07 · CVSS 6.7
CVE-2023-6840 [MEDIUM]
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
Red Hat (cross-referenced record for CVE-2023-50387, not CVE-2023-6840)
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
vendor_redhat · 2024-02-13 · CVSS 7.5
CVE-2023-50387 [HIGH] CWE-400
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side.
This vulnerability applies only for systems where DNSSEC validation is enabled.
Statement: This vulnerability in DNSSEC-validating resolv
GitLab
CVE-2023-6840 · vendor_gitlab · 2024-02-07 · CVSS 6.7
CVE-2023-6840 [MEDIUM] CWE-862
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
Debian
CVE-2023-6840 (gitlab) · vendor_debian · 2023 · CVSS 6.7
CVE-2023-6840 [MEDIUM]
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.
Scope: local
sid: resolved (fixed in 16.6.7-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-02-07