CVE-2023-6678

MEDIUM

Gitlab < 16.8.6 - Denial of Service

Title source: rule

Description

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/434689

[Permissions Required] https://hackerone.com/reports/2268037

Scores

CVSS v3 4.3

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-1333

Status published

Affected Products (1)

gitlab/gitlab < 16.8.6

Timeline

Published Apr 12, 2024

Tracked Since Feb 18, 2026