{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-0121","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","assignerShortName":"GitLab","dateUpdated":"2025-01-07T17:00:17.563Z","dateReserved":"2023-01-09T00:00:00.000Z","datePublished":"2023-06-07T00:00:00.000Z"},"containers":{"cna":{"affected":[{"product":"GitLab","vendor":"GitLab","versions":[{"status":"affected","version":">=13.2.4, <15.10.8"},{"status":"affected","version":">=15.11, <15.11.7"},{"status":"affected","version":">=16.0, <16.0.2"}]}],"credits":[{"lang":"en","value":"Thanks [luryus](https://hackerone.com/luryus) for reporting this vulnerability through our HackerOne bug bounty program"}],"descriptions":[{"lang":"en","value":"A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"CWE-770: Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2024-10-03T06:23:09.191Z"},"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387549"},{"url":"https://hackerone.com/reports/1774688"},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json"}],"title":"Allocation of Resources Without Limits or Throttling in GitLab"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:02:43.992Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387549","tags":["x_transferred"]},{"url":"https://hackerone.com/reports/1774688","tags":["x_transferred"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json","tags":["x_transferred"]}]},{"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/387549","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-07T17:00:02.776718Z","id":"CVE-2023-0121","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-07T17:00:17.563Z"}}]}}