7.5
CVE-2023-1733
- EPSS 1.24%
- Veröffentlicht 05.04.2023 20:15:07
- Zuletzt bearbeitet 10.02.2025 21:15:14
- Quelle cve@gitlab.com
- CVE-Watchlists
- Unerledigt
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.653 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| cve@gitlab.com | 5.8 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json
https://gitlab.com/gitlab-org/gitlab/-/issues/392665
https://hackerone.com/reports/1723124