CVE-2023-3917
Improper Validation of Specified Type of Input in GitLab
7.5
HIGH
CVSS 3.1
EPSS 0.07%
Description
Denial of service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail.
How to fix CVE-2023-3917
To remediate CVE-2023-3917, upgrade the affected package to the first fixed release on the GitLab branch you run. Note that "16.2.8 or later" is not sufficient on its own: 16.3.0 through 16.3.4 and 16.4.0 are newer than 16.2.8 and still affected.
- Bitnami/gitlab: upgrade to 16.2.8 (16.2 branch or older), 16.3.5 (16.3 branch), or 16.4.1 (16.4 branch), or any later release
Is CVE-2023-3917 being exploited?
Low. The EPSS score is 0.07% (the figure shown in the header), an estimate of the probability of exploitation in the wild within the next 30 days; it is not a record of observed attacks, but a score this low indicates no sign of exploitation activity at scale.
Affected packages (1)
- gitlab: >= 0, < 16.2.8
- gitlab: >= 16.3.0, < 16.3.5
- gitlab: >= 16.4.0, < 16.4.1
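Checking a fleet of instances against these three ranges by eye is error-prone (a 16.3.2 instance is newer than the 16.2.8 fix but still affected). The following is an added example, not GitLab's or the advisory's own code: it encodes the ranges and fixed releases exactly as the advisory states them and decides, for a given version string, whether the instance is affected and which fixed release on its branch it should upgrade to. It assumes the version string has the `MAJOR.MINOR.PATCH` shape GitLab reports (an edition suffix such as `-ee`, as returned by `GET /api/v4/version`, is tolerated and ignored). The sample inputs at the bottom are constructed for illustration.

```python
import re

# Affected ranges from the advisory for CVE-2023-3917, as (lower inclusive, upper exclusive).
# A lower bound of None means "every earlier release".
AFFECTED_RANGES = (
    (None, (16, 2, 8)),
    ((16, 3, 0), (16, 3, 5)),
    ((16, 4, 0), (16, 4, 1)),
)

# First fixed release on each patched branch, as stated in the advisory.
FIXED_RELEASES = ((16, 2, 8), (16, 3, 5), (16, 4, 1))

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (MAJOR, MINOR, PATCH) from a GitLab version string.

    GitLab reports its version with an edition suffix (e.g. "16.4.0-ee");
    the suffix does not take part in the comparison, so it is dropped.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(text)
    for lower, upper in AFFECTED_RANGES:
        if (lower is None or v >= lower) and v < upper:
            return True
    return False


def fixed_release_for(text):
    """Smallest fixed release an affected instance can move to.

    Prefers the fixed release on the same MAJOR.MINOR branch (a patch-level
    upgrade). Versions older than every patched branch are pointed at 16.2.8,
    the oldest patched release. Returns None when the version is not affected.
    """
    v = parse_version(text)
    if not is_affected(text):
        return None
    for fixed in FIXED_RELEASES:
        if fixed[:2] == v[:2]:
            return "%d.%d.%d" % fixed
    return "%d.%d.%d" % FIXED_RELEASES[0]


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions, not real data).
    inventory = {
        "gitlab-a": "16.2.7-ee",   # 16.2 branch, below the fix
        "gitlab-b": "16.3.2-ce",   # newer than 16.2.8 but still affected
        "gitlab-c": "16.4.1-ee",   # fixed
        "gitlab-d": "15.11.13-ee", # older branch, "all versions prior to 16.2.8"
    }
    for host, version in inventory.items():
        if is_affected(version):
            print(f"{host}: {version} is affected, upgrade to {fixed_release_for(version)}")
        else:
            print(f"{host}: {version} is not affected")
```

The ranges are kept as data rather than as a chain of `if` statements so the same function can be pointed at another advisory's version ranges without touching the comparison logic.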
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |