CVE-2023-3246: Uncontrolled Resource Consumption in GitLab
First published: Mon Nov 06 2023(Updated: )
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gitlab Gitlab | <16.3.6 | |
| Gitlab Gitlab | <16.3.6 | |
| Gitlab Gitlab | >=16.4.0<16.4.2 | |
| Gitlab Gitlab | >=16.4.0<16.4.2 | |
| Gitlab Gitlab | =16.5.0 | |
| Gitlab Gitlab | =16.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3246?
CVE-2023-3246 is an Uncontrolled Resource Consumption vulnerability in GitLab that allows attackers to block the Sidekiq job processor.
What versions of GitLab are affected by CVE-2023-3246?
GitLab versions before 16.3.6, starting from 16.4 before 16.4.2, and starting from 16.5 before 16.5.1 are affected by CVE-2023-3246.
What is the severity of CVE-2023-3246?
The severity of CVE-2023-3246 is medium with a CVSS score of 4.3.
How can I fix CVE-2023-3246?
To fix CVE-2023-3246, you should update GitLab to version 16.3.6 or later, 16.4.2 or later, or 16.5.1 or later.
Where can I find more information about CVE-2023-3246?
You can find more information about CVE-2023-3246 on the GitLab issue page: https://gitlab.com/gitlab-org/gitlab/-/issues/415371 and on the HackerOne report: https://hackerone.com/reports/2014157.
- collector/mitre-cve
- collector/nvd-api
- agent/weakness
- agent/event
- vendor/gitlab
- canonical/gitlab gitlab
- version/gitlab gitlab/16.4.0
- version/gitlab gitlab/16.5.0