CVE-2023-5825

Summary

A denial-of-service vulnerability (CVE-2023-5825) has been identified in GitLab CE/EE, affecting the 16.x release lines before the fixed releases 16.3.6, 16.4.2 and 16.5.1. A low-privileged authenticated user can trigger it by pointing a CI/CD component reference at an incorrect path, which sends the server into an infinite loop that exhausts its memory.

IFF Assessment

FOE

The impact is to availability: an attacker with only low privileges can drive a GitLab instance out of memory and stop it serving requests. No confidentiality or integrity impact is reported.

Severity

6.5 Medium

Defender Context

Because the flaw sits in GitLab's CI/CD component feature, a single malicious or careless pipeline definition can take down the instance and with it every team's development pipelines. Defenders should prioritize upgrading affected instances to 16.3.6, 16.4.2 or 16.5.1, whichever matches the instance's release line, and in the meantime monitor for unusual CI/CD activity, such as pipelines that reference components at unexpected paths, and for unexplained memory growth on GitLab application servers.
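As an added example (not part of the original advisory or of GitLab's own tooling), the following Python check maps a GitLab version string, such as the `version` field returned by GitLab's `GET /api/v4/version` endpoint, onto the fixed releases named above and reports whether the instance still needs the upgrade and which release resolves it for that line. The fixed releases come from this advisory; the lower bound of the affected range (16.2) is taken from GitLab's published advisory text rather than from this page. The sample API response embedded in the block is constructed for illustration, not captured from a real instance.

```python
import json
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases for CVE-2023-5825, one per affected release line (from the advisory).
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (16, 3): (16, 3, 6),
    (16, 4): (16, 4, 2),
    (16, 5): (16, 5, 1),
}

# Lower bound of the affected range. GitLab's advisory text states the issue
# affects versions starting from 16.2; this page itself only names the fixes.
FIRST_AFFECTED: Version = (16, 2, 0)

# GitLab reports versions like "16.4.1-ee"; the edition suffix is irrelevant here.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH[-suffix]' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True if this version predates the fix for CVE-2023-5825 on its release line."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False
    line = v[:2]
    fixed = FIXED_RELEASES.get(line)
    if fixed is None:
        # A 16.2.x release has no fix on its own line and is still affected;
        # lines newer than 16.5 shipped after the fix and are not.
        return line < min(FIXED_RELEASES)
    return v < fixed


def required_upgrade(text: str) -> Optional[str]:
    """Smallest fixed release that resolves the issue for this instance, or None if already fixed."""
    if not is_affected(text):
        return None
    line = parse_version(text)[:2]
    for fixed_line in sorted(FIXED_RELEASES):
        if fixed_line >= line:
            return "%d.%d.%d" % FIXED_RELEASES[fixed_line]
    return None  # unreachable: is_affected() only returns True for lines <= 16.5


def check_instance(version_api_json: str) -> dict:
    """Evaluate the JSON body of GitLab's GET /api/v4/version response."""
    version = json.loads(version_api_json)["version"]
    return {
        "version": version,
        "affected": is_affected(version),
        "upgrade_to": required_upgrade(version),
    }


# Constructed sample in the shape /api/v4/version returns (not from a real instance).
SAMPLE_RESPONSE = '{"version": "16.4.1-ee", "revision": "0123456789ab"}'


if __name__ == "__main__":
    print(check_instance(SAMPLE_RESPONSE))
    for v in ("16.1.9", "16.2.3", "16.3.5", "16.3.6", "16.4.1-ee", "16.5.0", "16.5.1", "16.6.0"):
        print(f"{v:12} affected={is_affected(v)!s:5} upgrade_to={required_upgrade(v)}")
```

In practice `check_instance()` would be fed the body of an authenticated request to `/api/v4/version` for each instance in an inventory; the version comparison is deliberately kept in a pure function so the same logic can be reused against a list of versions exported from a CMDB.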
