CVE-2023-6502 - OpenCVE

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/433534
https://hackerone.com/reports/2263638

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2024-05-23T11:02:31.779Z

Updated: 2024-06-04T17:17:20.207Z

Reserved: 2023-12-04T18:30:29.207Z

Link: CVE-2023-6502

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-23T11:15:22.913

Modified: 2024-05-24T01:15:30.977

Link: CVE-2023-6502

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6502", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-12-04T18:30:29.207Z", "datePublished": "2024-05-23T11:02:31.779Z", "dateUpdated": "2024-06-04T17:17:20.207Z"}, "containers": {"cna": {"title": "Uncontrolled Resource Consumption in GitLab", "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "versions": [{"version": "0", "status": "affected", "lessThan": "16.10.6", "versionType": "semver"}, {"version": "16.11", "status": "affected", "lessThan": "16.11.3", "versionType": "semver"}, {"version": "17.0", "status": "affected", "lessThan": "17.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "cweId": "CWE-400", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433534", "name": "GitLab Issue #433534", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2263638", "name": "HackerOne Bug Bounty Report #2263638", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.10.6, 16.11.3, 17.0.1 or above."}], "credits": [{"lang": "en", "value": "Thanks `Anonymizer` for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-05-23T11:02:31.779Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T15:40:39.910701Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:20.207Z"}}]}}