CVE-2023-5825 - Vulnerability Details - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.5.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.5.0::::enterprise:::

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/428984
https://hackerone.com/reports/2218566

History

Tue, 08 Oct 2024 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Thu, 03 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Uncontrolled Resource Consumption in GitLab	Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
Weaknesses		CWE-835

Thu, 19 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab::::::::

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-11-06T10:30:38.334Z

Updated: 2024-10-03T06:23:16.231Z

Reserved: 2023-10-27T10:01:45.672Z

Link: CVE-2023-5825

Vulnrichment

Updated: 2024-08-02T08:14:24.604Z

NVD

Status : Modified

Published: 2023-11-06T11:15:09.740

Modified: 2024-11-21T08:42:34.227

Link: CVE-2023-5825

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5825", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-10-27T10:01:45.672Z", "datePublished": "2023-11-06T10:30:38.334Z", "dateUpdated": "2024-10-03T06:23:16.231Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "16.3.6", "status": "affected", "version": "16.2", "versionType": "semver"}, {"lessThan": "16.4.2", "status": "affected", "version": "16.4", "versionType": "semver"}, {"lessThan": "16.5.1", "status": "affected", "version": "16.5", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks [blakbat](https://hackerone.com/blakbat) for reporting this vulnerability through our HackerOne bug bounty program"}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:16.231Z"}, "references": [{"name": "GitLab Issue #428984", "tags": ["issue-tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428984"}, {"name": "HackerOne Bug Bounty Report #2218566", "tags": ["technical-description", "exploit", "permissions-required"], "url": "https://hackerone.com/reports/2218566"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.5.1, 16.4.2, 16.3.6 or above."}], "title": "Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T13:51:52.958241Z", "id": "CVE-2023-5825", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T15:30:46.783Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.604Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428984", "name": "GitLab Issue #428984", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2218566", "name": "HackerOne Bug Bounty Report #2218566", "tags": ["technical-description", "exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428984", "name": "GitLab Issue #428984", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://hackerone.com/reports/2218566", "name": "HackerOne Bug Bounty Report #2218566", "tags": ["technical-description", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.604Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5825", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-24T13:51:52.958241Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T13:55:20.588Z"}}], "cna": {"title": "Uncontrolled Resource Consumption in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [blakbat](https://hackerone.com/blakbat) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "16.2", "lessThan": "16.3.6", "versionType": "semver"}, {"status": "affected", "version": "16.4", "lessThan": "16.4.2", "versionType": "semver"}, {"status": "affected", "version": "16.5", "lessThan": "16.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.5.1, 16.4.2, 16.3.6 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428984", "name": "GitLab Issue #428984", "tags": ["issue-tracking"]}, {"url": "https://hackerone.com/reports/2218566", "name": "HackerOne Bug Bounty Report #2218566", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-09-18T04:08:10.185Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5825", "state": "PUBLISHED", "dateUpdated": "2024-09-18T04:08:10.185Z", "dateReserved": "2023-10-27T10:01:45.672Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-11-06T10:30:38.334Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "11237024-8EE5-45AF-9911-3A57E6B8592F", "versionEndExcluding": "16.3.6", "versionStartIncluding": "16.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4F00F14B-EBED-4FBA-9F07-D927DA6D734F", "versionEndExcluding": "16.3.6", "versionStartIncluding": "16.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "92775555-546E-4760-BD66-94E15B33DC8A", "versionEndExcluding": "16.4.2", "versionStartIncluding": "16.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F67E4E44-65EA-494F-B1FA-D080F53329AD", "versionEndExcluding": "16.4.2", "versionStartIncluding": "16.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:community:*:*:*", "matchCriteriaId": "28AC2266-BC77-48CA-82CC-00E1D3825AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A7286C51-077E-4093-9AF9-66CEE22915AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.2 anteriores a 16.3.6, todas las versiones desde 16.4 anteriores a 16.4.2, todas las versiones desde 16.5 anteriores a 16.5.1. Un atacante con pocos privilegios puede se\u00f1alar un Componente CI/CD a una ruta incorrecta y hacer que el servidor agote toda la memoria disponible a trav\u00e9s de un bucle infinito y provocar una Denegaci\u00f3n de Servicio."}], "id": "CVE-2023-5825", "lastModified": "2024-11-21T08:42:34.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-06T11:15:09.740", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428984"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2218566"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2218566"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}