Regular Expression DoS Attack on Server

CVE-2023-6688
6.5MEDIUM

Key Information

Vendor
Gitlab
Status
Gitlab
Vendor
CVE Published:
14 May 2024

Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server.

Affected Version(s)

GitLab < 16.11.2

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Thanks to `Anonymizer` for reporting this vulnerability through our HackerOne bug bounty program.
.