CVE-2023-6386
MEDIUM
GitLab CE/EE <16.6.7-16.8.2 - DoS
Title source: llm
Description
A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation.
Scores
CVSS v3
6.5
EPSS
0.0104
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-770
Status
published
Affected Products (2)
gitlab/gitlab
< 16.6.7
gitlab/gitlab
< 16.6.7
Timeline
Published
Feb 05, 2025
Tracked Since
Feb 18, 2026