CVE-2023-3917

MEDIUM

Gitlab < 16.2.8 - Denial of Service

Title source: rule

Description

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/417896

[Permissions Required] https://hackerone.com/reports/2055158

Scores

CVSS v3 4.3

EPSS 0.0017

EPSS Percentile 37.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1287

Status published

Products (5)

gitlab/gitlab 16.4.0 (2 CPE variants)

gitlab/gitlab < 16.2.8 (2 CPE variants)

GitLab/GitLab < 16.2.8

GitLab/GitLab 16.3 - 16.3.5

GitLab/GitLab 16.4 - 16.4.1

Published Sep 29, 2023

Tracked Since Feb 18, 2026