7.5

CVE-2023-3917

Improper Validation of Specified Type of Input in GitLab

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version < 16.2.8
GitlabGitLab SwEditionenterprise Version < 16.2.8
GitlabGitLab SwEditioncommunity Version >= 16.3.0 < 16.3.5
GitlabGitLab SwEditionenterprise Version >= 16.3.0 < 16.3.5
GitlabGitLab Version16.4.0 SwEditioncommunity
GitlabGitLab Version16.4.0 SwEditionenterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.51
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-1287 Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

https://gitlab.com/gitlab-org/gitlab/-/issues/417896
Broken Link
https://hackerone.com/reports/2055158
Permissions Required