CVE-2023-3909

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Nov 6, 2023
Updated: Nov 14, 2023
CWE ID: 400 (Uncontrolled Resource Consumption)

Summary

CVE-2023-3909 is a vulnerability affecting GitLab CE/EE versions 12.3 before 16.3.6, 16.4 before 16.4.2, and 16.5 before 16.5.1. It allows an attacker to cause a Regular Expression Denial of Service (ReDoS) by supplying a very long string in the timeout input of the gitlab-ci.yml file, so that the regular expression that parses this value consumes excessive CPU time. The result can be server overload and unavailability, affecting GitLab's functionality for all users of the instance. Affected organizations should upgrade their GitLab instances to the patched versions (16.3.6, 16.4.2, or 16.5.1 and later) as soon as possible to mitigate this risk.
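The defensive pattern this class of bug calls for is to bound the size of attacker-controlled text before it reaches any regular expression, and ideally to parse simple formats such as a duration with a linear scan instead of a backtracking regex. The Ruby code below is an added illustration of that pattern; it is not GitLab's code and does not reproduce the affected expression. The length cap, the accepted units, and the function name are assumptions chosen for the example.

```ruby
# Added example: parse a CI-style duration string such as "1h 30m 10s"
# into seconds without exposing the parser to catastrophic backtracking.
# Illustrative code, not GitLab's implementation; the cap and units are
# assumptions for this example.

MAX_TIMEOUT_LENGTH = 64 # assumed cap; legitimate values like "1h 30m" are far shorter

UNIT_SECONDS = { 'h' => 3600, 'm' => 60, 's' => 1 }.freeze

# Returns [:ok, seconds] on success or [:error, reason] on rejection.
# The input is refused before any parsing when it exceeds the length cap,
# so the worst-case cost is bounded by MAX_TIMEOUT_LENGTH regardless of
# content. The scan itself is a single linear pass over the characters,
# so even inputs under the cap cannot trigger exponential work.
def parse_timeout(value)
  return [:error, :not_a_string] unless value.is_a?(String)
  return [:error, :too_long] if value.length > MAX_TIMEOUT_LENGTH

  total = 0
  digits = +'' # mutable buffer for the number preceding a unit
  seen_unit = false

  value.each_char do |ch|
    if ch.between?('0', '9')
      digits << ch
    elsif UNIT_SECONDS.key?(ch)
      # A unit must be preceded by at least one digit.
      return [:error, :missing_number] if digits.empty?
      total += digits.to_i * UNIT_SECONDS[ch]
      digits = +''
      seen_unit = true
    elsif ch == ' '
      # Whitespace may only separate complete "<number><unit>" groups.
      return [:error, :dangling_number] unless digits.empty?
    else
      return [:error, :bad_character]
    end
  end

  return [:error, :dangling_number] unless digits.empty?
  return [:error, :empty] unless seen_unit
  [:ok, total]
end

if __FILE__ == $PROGRAM_NAME
  p parse_timeout('1h 30m')          # => [:ok, 5400]
  p parse_timeout('x' * 100_000)     # => [:error, :too_long], rejected in O(1)
end
```

Rejecting over-long input first is the cheap check; the linear scan is what removes the ReDoS class entirely, because no regular expression is evaluated against attacker-controlled text at all.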
