CVE-2023-3246

MEDIUM

Gitlab < 16.3.6 - Resource Allocation Without Limits

Title source: rule

Description

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

References (2)

[Issue Tracking, Vendor Advisory] https://gitlab.com/gitlab-org/gitlab/-/issues/415371

[Permissions Required] https://hackerone.com/reports/2014157

Scores

CVSS v3 4.3

EPSS 0.0005

EPSS Percentile 14.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-770

Status published

Affected Products (4)

gitlab/gitlab < 16.3.6

gitlab/gitlab

Timeline

Published Nov 06, 2023

Tracked Since Feb 18, 2026