CVE-2023-3917

MEDIUM

GitLab < 16.2.8, 16.3 < 16.3.5, 16.4 < 16.4.1 - Denial of Service in Pipelines

Title source: llm
STIX 2.1

Description

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

References (2)

Core 2
Core References
Broken Link issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/417896
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2055158

Scores

CVSS v3 4.3
EPSS 0.0078
EPSS Percentile 50.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-1287
Status published
Products (5)
gitlab/gitlab 16.4.0 (2 CPE variants)
gitlab/gitlab < 16.2.8 (2 CPE variants)
GitLab/GitLab < 16.2.8
GitLab/GitLab 16.3 - 16.3.5
GitLab/GitLab 16.4 - 16.4.1
Published Sep 29, 2023
Tracked Since Feb 18, 2026