CVE-2023-3900 — Vulnetix

CVE-2023-3900 PUBLISHED

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.

EPSS 0.18% · 39.9th percentile

Risk Scores

EPSS Score

0.18%

39.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	16.2.0, 16.1.0
Bitnami	gitlab	16.1.0, 16.2.0

Exploit Intelligence

https://hackerone.com/reports/2058514 (osv)

Timeline

Aug 1, 2023 CVE Published
Aug 2, 2023 EPSS Score
Aug 2, 2023 CVE Updated
Sep 5, 2023 EPSS Score
Nov 12, 2023 EPSS Score
Dec 15, 2023 EPSS Score
Jan 18, 2024 EPSS Score
Feb 21, 2024 EPSS Score
Apr 29, 2024 EPSS Score
Jun 2, 2024 EPSS Score
Jul 6, 2024 EPSS Score
Aug 8, 2024 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/418770 url
https://hackerone.com/reports/2058514 url
https://nvd.nist.gov/vuln/detail/CVE-2023-3900 url

Open in Interactive Console →