← Back

CVE-2023-0121

nvd nist
Published: Jun 7, 2023Modified: Jan 7, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 13.2.4 to 15.10.8
Gitlab
From 15.11.0 to 15.11.7
Gitlab
From 16.0.0 to 16.0.2
Gitlab
From 13.2.4 to 15.10.8
Gitlab
From 15.11.0 to 15.11.7
Gitlab
From 16.0.0 to 16.0.2

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (7)

Source: cve@gitlab.com
Vendor Advisory
Source: cve@gitlab.com
Issue TrackingVendor Advisory
Source: cve@gitlab.com
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Issue TrackingVendor Advisory

Timeline

No history available yet.