CVE-2023-4647 Uncontrolled Resource Consumption in GitLab

2023-09-0110:30:27

CWE-400

GitLab

www.cve.org

gitlab

resource consumption

api pagination

vulnerability

denial of service

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

23.5%

JSON

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "16.1.5",
        "status": "affected",
        "version": "15.2",
        "versionType": "semver"
      },
      {
        "lessThan": "16.2.5",
        "status": "affected",
        "version": "16.2",
        "versionType": "semver"
      },
      {
        "lessThan": "16.3.1",
        "status": "affected",
        "version": "16.3",
        "versionType": "semver"
      }
    ]
  }
]