CVE-2023-6386

Summary

A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab15.11 < 16.6.7affected
GitLabGitLab16.7 < 16.7.5affected
GitLabGitLab16.8 < 16.8.2affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References