cve-2023-6736
Vulnerability from cvelistv5
Published
2024-02-07 22:02
Modified
2024-09-18 04:08
Severity
Summary
Uncontrolled Resource Consumption in GitLab
References
Source | URL | Tags |
---|---|---|
cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab/-/issues/435036 | Issue Tracking, Permissions Required |
cve@gitlab.com | https://hackerone.com/reports/2269023 | Permissions Required, Technical Description |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6736", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-08T17:28:36.837955Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:20:46.176Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:15.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GitLab Issue #435036", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435036" }, { "name": "HackerOne Bug Bounty Report #2269023", "tags": [ "technical-description", "exploit", "x_transferred" ], "url": "https://hackerone.com/reports/2269023" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [ { "lessThan": "16.7.6", "status": "affected", "version": "11.3", "versionType": "semver" }, { "lessThan": "16.8.3", "status": "affected", "version": "16.8", "versionType": "semver" }, { "lessThan": "16.9.1", "status": "affected", "version": "16.9", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" } ], "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-18T04:08:55.212Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "name": "GitLab Issue #435036", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435036" }, { "name": "HackerOne Bug Bounty Report #2269023", "tags": [ "technical-description", "exploit", "permissions-required" ], "url": "https://hackerone.com/reports/2269023" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 16.9.1, 16.8.3, 16.7.6 or above." } ], "title": "Uncontrolled Resource Consumption in GitLab" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-6736", "datePublished": "2024-02-07T22:02:30.947Z", "dateReserved": "2023-12-12T15:30:44.097Z", "dateUpdated": "2024-09-18T04:08:55.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-6736\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2024-02-07T22:15:09.043\",\"lastModified\":\"2024-03-04T20:33:21.807\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 11.3 anteriores a 16.6.7, todas las versiones desde 16.7 anteriores a 16.7.5, todas las versiones desde 16.8 anteriores a 16.8.2. Era posible que un atacante provocara una denegaci\u00f3n de servicio del lado del cliente utilizando contenido manipulado maliciosamente en el archivo CODEOWNERS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndExcluding\":\"16.7.6\",\"matchCriteriaId\":\"0A393A71-3927-44F2-B9C6-7E33534F72C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.8.0\",\"versionEndExcluding\":\"16.8.3\",\"matchCriteriaId\":\"1920E538-FE0D-40A6-8EA3-667D9835DA8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"1E374890-90FC-4DC5-8C0B-87CC99B4A4D7\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/435036\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://hackerone.com/reports/2269023\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Permissions Required\",\"Technical Description\"]}]}}" } }
Loading...