CVE-2023-6678

MEDIUM

Gitlab < 16.8.6 - Denial of Service

Title source: rule

Description

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/434689

[Permissions Required] https://hackerone.com/reports/2268037

Scores

CVSS v3 4.3

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (1)

gitlab/gitlab < 16.8.6

Published Apr 12, 2024

Tracked Since Feb 18, 2026