PT-2023-16589 · GitLab · GitLab CE/EE
Published: 2023-02-23 · Updated: 2023-02-23 · CVE-2023-0886
Severity: None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 12.4 through 15.6.6
GitLab CE/EE versions 15.7 through 15.7.5
GitLab CE/EE versions 15.8 through 15.8.0
Description
A lack of length validation in GitLab CE/EE allows an authenticated attacker to create a large Issue description via GraphQL, which can saturate CPU usage when repeatedly requested.
Recommendations
For GitLab CE/EE versions 12.4 through 15.6.6, update to version 15.6.7 or later.
For GitLab CE/EE versions 15.7 through 15.7.5, update to version 15.7.6 or later.
For GitLab CE/EE versions 15.8 through 15.8.0, update to version 15.8.1 or later.
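The following check is an added example, not part of the advisory or of GitLab's own tooling: it maps an installed version string to the first fixed release listed above. The host names and inventory are constructed, and reading a two-part version such as 12.4 as 12.4.0 is an assumption.

```python
import re

# Affected ranges and first fixed releases, copied from this advisory.
# Each entry: (first affected, last affected, first fixed), bounds inclusive.
AFFECTED = [
    ((12, 4, 0), (15, 6, 6), (15, 6, 7)),
    ((15, 7, 0), (15, 7, 5), (15, 7, 6)),
    ((15, 8, 0), (15, 8, 0), (15, 8, 1)),
]

# Accepts "15.7.3", "v15.7.3", "15.7" and suffixed forms such as "15.7.3-ee"
# or "15.7.3-ee.0". The suffix is ignored, so a pre-release build is treated
# like the release it precedes (a conservative choice for triage).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+~].*)?$")


def parse_version(text):
    """Return (major, minor, patch); a missing patch is assumed to be 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def fixed_version_for(text):
    """Return the first fixed release if the version is affected, else None."""
    version = parse_version(text)
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return ".".join(str(part) for part in fixed)
    return None


def triage(inventory):
    """Map host -> upgrade target, 'not listed', or 'unknown' if unparseable."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = fixed_version_for(version) or "not listed"
        except ValueError:
            report[host] = "unknown"  # review manually, never assume safe
    return report


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"git-a": "15.6.6-ee", "git-b": "15.8.1-ee.0", "git-c": "n/a"}
    for host, result in triage(sample).items():
        print(f"{host}: {result}")
```

A result of "not listed" means only that the version falls outside the ranges in this advisory; "unknown" entries need a manual check.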
Affected Products
GitLab CE/EE