CVE-2023-3904

An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:18

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 4.3
References () https://gitlab.com/gitlab-org/gitlab/-/issues/418226 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/418226 - Broken Link
References () https://hackerone.com/reports/2053154 - Permissions Required () https://hackerone.com/reports/2053154 - Permissions Required

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-284 CWE-1287

19 Dec 2023, 21:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 7.5
Summary
  • (es) Se ha descubierto un problema en GitLab EE que afecta a todas las versiones anteriores a 16.4.4, todas las versiones anteriores a 16.5 anteriores a 16.5.4, todas las versiones anteriores a 16.6 anteriores a 16.6.2. Ha sido posble hacer un desbordamiento del tiempo dedicado a un issue que alteró los detalles mostrados en los tableros de issues.
References () https://gitlab.com/gitlab-org/gitlab/-/issues/418226 - () https://gitlab.com/gitlab-org/gitlab/-/issues/418226 - Broken Link
References () https://hackerone.com/reports/2053154 - () https://hackerone.com/reports/2053154 - Permissions Required
CWE NVD-CWE-Other
First Time Gitlab
Gitlab gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

15 Dec 2023, 16:53

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-15 16:15

Updated : 2024-11-21 08:18


NVD link : CVE-2023-3904

Mitre link : CVE-2023-3904

CVE.ORG link : CVE-2023-3904


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-1287

Improper Validation of Specified Type of Input

NVD-CWE-Other