CVE-2023-0632 — Vulnetix

CVE-2023-0632 PUBLISHED

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.

EPSS 0.23% · 45.7th percentile

Risk Scores

EPSS Score

0.23%

45.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	15.2.0, 16.1.0, 16.2.0
Bitnami	gitlab	15.2.0, 16.2.0, 16.1.0

Timeline

Aug 1, 2023 CVE Published
Aug 2, 2023 EPSS Score
Aug 2, 2023 CVE Updated
Sep 5, 2023 EPSS Score
Nov 11, 2023 EPSS Score
Dec 15, 2023 EPSS Score
Feb 21, 2024 EPSS Score
Mar 26, 2024 EPSS Score
Jun 1, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Sep 11, 2024 EPSS Score
Oct 14, 2024 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/390148 url
https://hackerone.com/reports/1852677 url
https://nvd.nist.gov/vuln/detail/CVE-2023-0632 url

Open in Interactive Console →