Lucene search

Veracode Vulnerability DatabaseVERACODE:44822

HistoryDec 25, 2023 - 10:56 p.m.

Denial Of Service

2023-12-2522:56:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

sid

denial of service

vulnerability

ci/cd component

memory exhaust

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

13.3%

JSON

gitlab:sid is vulnerable to Denial of Service. The vulnerability due to point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop. it allows an attacker to cause Denial of Service.

References

gitlab.com/gitlab-org/gitlab/-/issues/428984

hackerone.com/reports/2218566

security-tracker.debian.org/tracker/CVE-2023-5825

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

13.3%

JSON

Related for VERACODE:44822