Description
An issue has been discovered in GitLab EE affecting all versions before 16.4.4, all versions from 16.5 before 16.5.4, and all versions from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue, which altered the details shown in the issue boards.
References (2)
Core References
Broken Link issue-tracking
https://gitlab.com/gitlab-org/gitlab/-/issues/418226
Permissions Required technical-description
exploit
permissions-required
https://hackerone.com/reports/2053154
Scores
CVSS v3
4.3
EPSS
0.0073
EPSS Percentile
49.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-1287
Status
published
Products (1)
gitlab/gitlab
< 16.4.4
Published
Dec 15, 2023
Tracked Since
Feb 18, 2026