CVE-2023-6688

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/434854	Broken Link
https://hackerone.com/reports/2270362	Permissions Required
https://gitlab.com/gitlab-org/gitlab/-/issues/434854	Broken Link
https://hackerone.com/reports/2270362	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

12 Dec 2024, 16:22

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*
First Time		Gitlab Gitlab gitlab
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/434854 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/434854 - Broken Link
References	~~() https://hackerone.com/reports/2270362 -~~	() https://hackerone.com/reports/2270362 - Permissions Required

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/434854 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/434854 -
References	~~() https://hackerone.com/reports/2270362 -~~	() https://hackerone.com/reports/2270362 -

03 Oct 2024, 07:15

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde la 16.11 hasta la 16.11.2. Un problema con la lógica de procesamiento para la integración de mensajes de chat de Google puede provocar un ataque DoS de expresión regular en el servidor.
CWE	~~CWE-400~~	CWE-1333

14 May 2024, 14:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 14:35

Updated : 2024-12-12 16:22

NVD link : CVE-2023-6688

Mitre link : CVE-2023-6688

CVE.ORG link : CVE-2023-6688

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1333

Inefficient Regular Expression Complexity

{"id": "CVE-2023-6688", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T14:35:33.147", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/434854", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2270362", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/434854", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2270362", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-1333"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1333"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde la 16.11 hasta la 16.11.2. Un problema con la l\u00f3gica de procesamiento para la integraci\u00f3n de mensajes de chat de Google puede provocar un ataque DoS de expresi\u00f3n regular en el servidor."}], "lastModified": "2024-12-12T16:22:38.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "9B50E4E6-602E-470D-BB03-774CFB1461B6", "versionEndExcluding": "16.11.2", "versionStartIncluding": "16.11.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5ACCB718-2ABE-4F1A-AB57-B2D3B4879FAC", "versionEndExcluding": "16.11.2", "versionStartIncluding": "16.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}