Home > Vulnerability Database > CVE-2023-3917

Mend.io Vulnerability Database

CVE-2023-3917

Good to know:

Date: September 29, 2023

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

Language: Ruby

Severity Score

4.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3917

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/417896

Url: https://hackerone.com/reports/2055158

Url: https://www.mend.io/vulnerability-database/CVE-2023-3917

Severity Score

4.3

Weakness Type (CWE)

Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

Improper Validation of Specified Type of Input

CWE-1287

Top Fix

Upgrade Version

Upgrade to version v16.2.8,v16.3.5,v16.4.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3917

Good to know:

Date: September 29, 2023

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?