First published: Fri Sep 01 2023
An issue has been discovered in GitLab (CVE-2023-4647) affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1, in which pagination on the projects API can be skipped, potentially leading to a denial of service (DoS) on certain instances.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab | >=15.2.0, <16.1.5 | Upgrade to 16.1.5 or later |
GitLab | >=16.2.0, <16.2.5 | Upgrade to 16.2.5 or later |
GitLab | =16.3.0 | Upgrade to 16.3.1 or later |
Upgrade to versions 16.3.1, 16.2.5, 16.1.5 or above on the respective release line.
CVE-2023-4647 is a vulnerability in GitLab that affects all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1 (that is, 16.3.0 only).
CVE-2023-4647 has a severity rating of 7.5 (High).
The flaw allows pagination on the projects API to be skipped, so a request is not limited to a single page of results; on certain instances this can potentially be abused for a denial-of-service (DoS) attack.
Upgrading to GitLab 16.1.5, 16.2.5 or 16.3.1 (or a later release on the same line) fixes the vulnerability.
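The affected ranges above are easy to misread (the 16.3 range covers a single version, and a missing patch number matters), so here is an added inventory check that encodes them exactly as the advisory states them. This is example code written for this page; it is not part of the SecAlerts page or of GitLab's own code. It assumes that GitLab version strings may carry an edition suffix such as "-ee", which it strips before parsing, and the inventory at the bottom is constructed sample data with made-up hostnames.

```python
# Added example for this advisory (not SecAlerts' or GitLab's code): classify
# GitLab version strings against the affected ranges for CVE-2023-4647
# (>=15.2.0 <16.1.5, >=16.2.0 <16.2.5, =16.3.0) and name the fixed version on
# the matching release line.
import re

# Affected ranges as (lower bound inclusive, upper bound exclusive). The upper
# bound of each range is the first fixed version on that release line.
AFFECTED_RANGES = [
    ((15, 2, 0), (16, 1, 5)),
    ((16, 2, 0), (16, 2, 5)),
    ((16, 3, 0), (16, 3, 1)),   # "16.3 before 16.3.1" is 16.3.0 only
]


def parse_version(version: str) -> tuple:
    """Turn '16.3.0-ee' or '16.2' into a comparable (major, minor, patch) tuple.

    A missing patch component is treated as .0, so '16.2' == '16.2.0'.
    Assumption: an edition suffix such as '-ee' or '-ce' may follow the number.
    """
    core = version.strip().split("-", 1)[0]
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", core)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def affected_range(version: str):
    """Return the (low, high) range that contains `version`, or None."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low <= v < high:
            return (low, high)
    return None


def is_affected(version: str) -> bool:
    return affected_range(version) is not None


def fixed_version_for(version: str):
    """First fixed version on the same release line, or None if not affected."""
    rng = affected_range(version)
    if rng is None:
        return None
    return ".".join(str(part) for part in rng[1])


def audit(inventory: dict) -> dict:
    """Map each host to a one-line verdict; malformed versions are reported, not skipped."""
    verdicts = {}
    for host, version in inventory.items():
        try:
            fixed = fixed_version_for(version)
        except ValueError as exc:
            verdicts[host] = f"UNKNOWN ({exc})"
            continue
        if fixed is None:
            verdicts[host] = f"not affected ({version})"
        else:
            verdicts[host] = f"AFFECTED ({version}); upgrade to {fixed} or later"
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = {
        "gitlab-a.example.internal": "16.2.4-ee",
        "gitlab-b.example.internal": "16.3.0",
        "gitlab-c.example.internal": "16.1.5",
        "gitlab-d.example.internal": "15.1.6",
        "gitlab-e.example.internal": "16.4.0-ee",
        "gitlab-f.example.internal": "latest",
    }
    for host, verdict in audit(sample).items():
        print(f"{host}: {verdict}")
```

The version string to feed in comes from GitLab's authenticated `GET /api/v4/version` endpoint or from `gitlab-rake gitlab:env:info` on the server. The check is only as good as the advisory's ranges: versions before 15.2 and from 16.4 onward are reported as not affected because the advisory does not list them, not because the script has verified anything about them.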