← Back

CVE-2023-6489

nvd nist
Published: Apr 12, 2024Modified: Dec 11, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 16.10.0 to 16.10.2
Gitlab
From 16.7.7 to 16.8.6
Gitlab
From 16.9.0 to 16.9.4
Gitlab
From 16.10.0 to 16.10.2
Gitlab
From 16.7.7 to 16.8.6
Gitlab
From 16.9.0 to 16.9.4

Related CWEs

CWE-1333
Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (4)

Source: cve@gitlab.com
Broken Link
Source: cve@gitlab.com
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required

Timeline

No history available yet.