CVE-2023-6489

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/433520	Broken Link
https://hackerone.com/reports/2262450	Permissions Required
https://gitlab.com/gitlab-org/gitlab/-/issues/433520	Broken Link
https://hackerone.com/reports/2262450	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

11 Dec 2024, 19:06

Type	Values Removed	Values Added
First Time		Gitlab Gitlab gitlab
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/433520 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/433520 - Broken Link
References	~~() https://hackerone.com/reports/2262450 -~~	() https://hackerone.com/reports/2262450 - Permissions Required
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

Information

Published : 2024-04-12 01:15

Updated : 2024-12-11 19:06

NVD link : CVE-2023-6489

Mitre link : CVE-2023-6489

CVE.ORG link : CVE-2023-6489

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1333

Inefficient Regular Expression Complexity

{"id": "CVE-2023-6489", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-12T01:15:57.340", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433520", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2262450", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433520", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2262450", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-1333"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1333"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en GitLab CE/EE, versiones 16.7.7 anteriores a 16.8.6, 16.9 anteriores a 16.9.4 y 16.10 anteriores a 16.10.2, que permite a un atacante aumentar el uso de recursos de la instancia de GitLab, lo que resulta en servicio. degradaci\u00f3n a trav\u00e9s de la funci\u00f3n de integraci\u00f3n de chat."}], "lastModified": "2024-12-11T19:06:06.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "CEC51D1F-F1B7-44E4-BB00-4C57D0F7988C", "versionEndExcluding": "16.8.6", "versionStartIncluding": "16.7.7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "754B2043-9069-40C7-8238-A6C163409EB0", "versionEndExcluding": "16.8.6", "versionStartIncluding": "16.7.7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "6C090961-541F-48DB-A98E-B7227E2BEF1E", "versionEndExcluding": "16.9.4", "versionStartIncluding": "16.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CE07887F-4BE5-4269-9C3B-10CF3E2E307E", "versionEndExcluding": "16.9.4", "versionStartIncluding": "16.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "F66DCEFD-34BA-48AA-8154-D34480ADEF3B", "versionEndExcluding": "16.10.2", "versionStartIncluding": "16.10.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5D01A2BB-5343-4AF5-AAD0-9D3AB09C6CBE", "versionEndExcluding": "16.10.2", "versionStartIncluding": "16.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}