CVE-2023-6489

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/433520	Broken Link
https://hackerone.com/reports/2262450	Permissions Required
https://gitlab.com/gitlab-org/gitlab/-/issues/433520	Broken Link
https://hackerone.com/reports/2262450	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

11 Dec 2024, 19:06

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/433520 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/433520 - Broken Link
References	~~() https://hackerone.com/reports/2262450 -~~	() https://hackerone.com/reports/2262450 - Permissions Required
First Time		Gitlab Gitlab gitlab
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*

21 Nov 2024, 08:43

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/433520 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/433520 -
References	~~() https://hackerone.com/reports/2262450 -~~	() https://hackerone.com/reports/2262450 -

03 Oct 2024, 07:15

Type	Values Removed	Values Added
CWE	~~CWE-400~~	CWE-1333

12 Apr 2024, 12:43

Type	Values Removed	Values Added
Summary		(es) Se identificó una vulnerabilidad de denegación de servicio en GitLab CE/EE, versiones 16.7.7 anteriores a 16.8.6, 16.9 anteriores a 16.9.4 y 16.10 anteriores a 16.10.2, que permite a un atacante aumentar el uso de recursos de la instancia de GitLab, lo que resulta en servicio. degradación a través de la función de integración de chat.

12 Apr 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-12 01:15

Updated : 2024-12-11 19:06

NVD link : CVE-2023-6489

Mitre link : CVE-2023-6489

CVE.ORG link : CVE-2023-6489

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1333

Inefficient Regular Expression Complexity

4.3 /10