PT-2023-26725 · Gitlab · Gitlab Ce/Ee+1
Toukakirishima
·
Published
2023-08-02
·
Updated
2024-10-03
·
CVE-2023-3900
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 16.1 through 16.1.2
GitLab CE/EE versions 16.2 through 16.2.1
Description
An issue has been discovered in GitLab CE/EE where an invalid
start sha value on the merge requests page may lead to Denial of Service, causing the Changes tab to not load.Recommendations
For GitLab CE/EE versions 16.1 through 16.1.2, update to version 16.1.3 or later.
For GitLab CE/EE versions 16.2 through 16.2.1, update to version 16.2.2 or later.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee