CVE-2023-6502

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/433534	Broken Link
https://hackerone.com/reports/2263638	Permissions Required
https://gitlab.com/gitlab-org/gitlab/-/issues/433534	Broken Link
https://hackerone.com/reports/2263638	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:17.0.0::::community:::
	cpe:2.3:a:gitlab:gitlab:17.0.0::::enterprise:::

History

16 Dec 2024, 15:02

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/433534 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/433534 - Broken Link
References	~~() https://hackerone.com/reports/2263638 -~~	() https://hackerone.com/reports/2263638 - Permissions Required
First Time		Gitlab Gitlab gitlab
CPE		cpe:2.3:a:gitlab:gitlab:17.0.0::::community::: cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:17.0.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:::::community:::*

21 Nov 2024, 08:43

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/433534 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/433534 -
References	~~() https://hackerone.com/reports/2263638 -~~	() https://hackerone.com/reports/2263638 -

03 Oct 2024, 07:15

Type	Values Removed	Values Added
Summary		(es) Se descubrió una condición de denegación de servicio (DoS) en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.6, a la versión 16.11 anterior a 16.11.3 y a 17.0 anterior a 17.0.1. Es posible que un atacante provoque una denegación de servicio utilizando una página wiki manipulada.
CWE	~~CWE-400~~	CWE-1333

23 May 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-23 11:15

Updated : 2024-12-16 15:02

NVD link : CVE-2023-6502

Mitre link : CVE-2023-6502

CVE.ORG link : CVE-2023-6502

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1333

Inefficient Regular Expression Complexity

4.3 /10