CVE-2023-6736

Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.3 through 16.6.7 GitLab EE versions 16.7 through 16.7.5 GitLab EE versions 16.8 through 16.8.2 GitLab EE versions 16.9 through 16.9.1

Description The issue is related to the CODEOWNERS component of the GitLab platform, which is vulnerable to uncontrolled resource consumption. This can be exploited by a remote attacker to cause a denial of service. The exploitation involves using maliciously crafted content in the CODEOWNERS file to cause a client-side denial of service.

Recommendations For GitLab EE versions 11.3 through 16.6.7, update to a version after 16.6.7 to resolve the issue. For GitLab EE versions 16.7 through 16.7.5, update to a version after 16.7.5 to resolve the issue. For GitLab EE versions 16.8 through 16.8.2, update to a version after 16.8.2 to resolve the issue. For GitLab EE versions 16.9 through 16.9.1, update to a version after 16.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the CODEOWNERS file to minimize the risk of exploitation.