PT-2023-32445 · Gitlab · Gitlab Ce/Ee+1
Published: 2023-11-06 · Updated: 2024-10-03 · CVE-2023-5963
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
GitLab EE versions 13.9 through 16.3.6
GitLab EE version 16.4 prior to 16.4.2
GitLab EE version 16.5 prior to 16.5.1
Description
An issue has been discovered in GitLab EE with Advanced Search that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.
Recommendations
For GitLab EE versions 13.9 through 16.3.6, update to a version after 16.3.6 to resolve the issue.
For GitLab EE version 16.4 prior to 16.4.2, update to version 16.4.2 or later to resolve the issue.
For GitLab EE version 16.5 prior to 16.5.1, update to version 16.5.1 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the Advanced Search function to minimize the risk of exploitation.
Weakness Enumeration
DoS
Allocation of Resources Without Limits
Related Identifiers
CVE-2023-5963
Affected Products
Gitlab
Gitlab Ce/Ee