cve-2023-1072
Vulnerability from cvelistv5
Published
2023-03-09 00:00
Modified
2024-08-02 05:32
Severity
Summary
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.
References
Source | URL | Tags |
---|---|---|
cve@gitlab.com | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json | Vendor Advisory |
cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab/-/issues/219619 | Broken Link |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/219619" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitLab", "vendor": "GitLab", "versions": [ { "status": "affected", "version": "\u003e=9.0, \u003c15.7.8" }, { "status": "affected", "version": "\u003e=15.8, \u003c15.8.4" }, { "status": "affected", "version": "\u003e=15.9, \u003c15.9.2" } ] } ], "credits": [ { "lang": "en", "value": "Thanks [Nico Jones](https://gitlab.com/nico28) for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled resource consumption in GitLab", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-09T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/219619" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-1072", "datePublished": "2023-03-09T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T05:32:46.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-1072\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2023-03-09T22:15:51.810\",\"lastModified\":\"2023-03-15T15:58:54.760\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"15.7.8\",\"matchCriteriaId\":\"AD2F3C70-9E35-48BA-917E-4AE3E30114C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"15.7.8\",\"matchCriteriaId\":\"B860F565-7D1F-4FFC-A5D8-0015807F1DA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"15.8\",\"versionEndExcluding\":\"15.8.4\",\"matchCriteriaId\":\"89B81A26-8FF6-4745-A9F4-3F7A3CFCB943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"15.8\",\"versionEndExcluding\":\"15.8.4\",\"matchCriteriaId\":\"124D53C4-ACD0-4C2A-9E95-5E7E7B1BACF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"15.9\",\"versionEndExcluding\":\"15.9.2\",\"matchCriteriaId\":\"3D2A72D7-C712-440D-91F9-D7EBF93EA1F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"15.9\",\"versionEndExcluding\":\"15.9.2\",\"matchCriteriaId\":\"57BB437C-433D-430B-8B1B-3C3B053C9360\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/219619\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Broken Link\"]}]}}" } }
Loading...