CVE-2023-4912 Uncontrolled Resource Consumption in GitLab

2023-12-0107:01:48

CWE-400

GitLab

www.cve.org

gitlab

resource consumption

cve-2023-4912

denial of service

mermaid diagram input

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

13.3%

JSON

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.

CNA Affected

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "10.5",
        "status": "affected",
        "lessThan": "16.4.3",
        "versionType": "semver"
      },
      {
        "version": "16.5",
        "status": "affected",
        "lessThan": "16.5.3",
        "versionType": "semver"
      },
      {
        "version": "16.6",
        "status": "affected",
        "lessThan": "16.6.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]