CVE-2023-3904: Improper Validation of Specified Type of Input in GitLab
First published: Fri Dec 15 2023(Updated: )
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <16.4.4 | |
| GitLab | >=16.5<16.5.4 | |
| GitLab | >=16.6<16.6.2 |
Remedy
Upgrade to versions 16.4.4, 16.5.4, 16.6.2 or above.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-3904?
CVE-2023-3904 is classified as a medium severity vulnerability affecting certain versions of GitLab EE.
How do I fix CVE-2023-3904?
To fix CVE-2023-3904, update GitLab EE to versions 16.4.4, 16.5.4, or 16.6.2 or later.
What versions of GitLab are affected by CVE-2023-3904?
CVE-2023-3904 affects GitLab EE versions before 16.4.4, between 16.5 and 16.5.4, and between 16.6 and 16.6.2.
What is the impact of CVE-2023-3904?
The impact of CVE-2023-3904 includes an overflow of the time spent on an issue, potentially altering issue details.
Is CVE-2023-3904 fixed in the latest GitLab version?
Yes, CVE-2023-3904 is fixed in the latest GitLab versions 16.4.4, 16.5.4, and 16.6.2.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/remedy
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/16.5
- version/gitlab/16.6