First published: Wed Aug 02 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3 and all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on the merge requests page may lead to Denial of Service, as the Changes tab would not load.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=16.1 <16.1.3 | |
GitLab GitLab | >=16.2 <16.2.2 | |
Upgrade to version 16.2.2, 16.1.3 or above
The CVE ID for this vulnerability is CVE-2023-3900.
The severity of CVE-2023-3900 is high, with a severity value of 7.5.
The affected software for CVE-2023-3900 is GitLab CE/EE, with versions starting from 16.1 before 16.1.3 and versions starting from 16.2 before 16.2.2.
CVE-2023-3900 affects GitLab CE/EE by causing a Denial of Service as the Changes tab would not load on the merge requests page due to an invalid 'start_sha' value.
Yes, a fix is available for CVE-2023-3900. Users should update GitLab CE/EE to version 16.1.3 or 16.2.2 or later.