A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.
References
| Link | Resource |
|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json | Vendor Advisory |
| https://gitlab.com/gitlab-org/gitlab/-/issues/387549 | Issue Tracking Vendor Advisory |
| https://hackerone.com/reports/1774688 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Oct 2024, 19:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gitlab.com/gitlab-org/gitlab/-/issues/387549 - Issue Tracking, Vendor Advisory | |
| CWE |
03 Oct 2024, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-770 |
14 Jun 2023, 01:03
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| References | (MISC) https://hackerone.com/reports/1774688 - Permissions Required, Third Party Advisory | |
| References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/387549 - Broken Link | |
| References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json - Vendor Advisory | |
| CWE | CWE-400 |
07 Jun 2023, 17:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-07 17:15
Updated : 2024-10-08 19:22
NVD link : CVE-2023-0121
Mitre link : CVE-2023-0121
CVE.ORG link : CVE-2023-0121
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-770
Allocation of Resources Without Limits or Throttling