CVE-2023-3917

MEDIUM

Gitlab < 16.2.8 - Denial of Service

Title source: rule

Description

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/417896

[Permissions Required] https://hackerone.com/reports/2055158

Scores

CVSS v3 4.3

EPSS 0.0013

EPSS Percentile 32.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-1287

Status published

Affected Products (4)

gitlab/gitlab < 16.2.8

gitlab/gitlab

Timeline

Published Sep 29, 2023

Tracked Since Feb 18, 2026