An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/428984 | Issue Tracking Vendor Advisory |
https://hackerone.com/reports/2218566 | Permissions Required |
https://gitlab.com/gitlab-org/gitlab/-/issues/428984 | Issue Tracking Vendor Advisory |
https://hackerone.com/reports/2218566 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/428984 - Issue Tracking, Vendor Advisory | |
References | () https://hackerone.com/reports/2218566 - Permissions Required |
08 Oct 2024, 19:01
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/428984 - Issue Tracking, Vendor Advisory |
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-06 11:15
Updated : 2025-05-05 14:11
NVD link : CVE-2023-5825
Mitre link : CVE-2023-5825
CVE.ORG link : CVE-2023-5825
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')