CVE-2023-3246

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-3246
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3246.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-3246
Aliases
Downstream
Published
2023-11-06T12:01:43.918Z
Modified
2025-11-20T20:34:48.917692Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Allocation of Resources Without Limits or Throttling in GitLab
Details

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

Database specific 
{
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
6369db0196ec7b6e288b16382c95243424a59b62
Fixed
128862473d18a7df991090bb25688a8c81fcb0fe
Database specific 
{
    "versions": [
        {
            "introduced": "10.3"
        },
        {
            "fixed": "16.3.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
e4c1c182610739c1b1d10a8eacbea1f5aa837ad6
Fixed
385b9a2727ad972efe1fcdca3a61c447329ecd09
Database specific 
{
    "versions": [
        {
            "introduced": "16.4.0"
        },
        {
            "fixed": "16.4.2"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
fc87c9d4cca1536abcf902b4128f5c2004d87162
Fixed
55da9ccb652fcf67641114264ecded0dab88f4dc
Database specific 
{
    "versions": [
        {
            "introduced": "16.5.0"
        },
        {
            "fixed": "16.5.1"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee

v10.*

v10.3.0.pre
v10.4.0.pre
v10.5.0.pre
v10.6.0.pre
v10.7.0.pre
v10.8.0.pre
v10.9.0.pre

v11.*

v11.0.0.pre
v11.1.0.pre
v11.2.0.pre
v11.3.0.pre

v16.*

v16.3.0-ee
v16.3.0-rc42-ee
v16.3.0-rc43-ee
v16.3.1-ee
v16.3.2-ee
v16.3.3-ee
v16.3.4-ee
v16.3.5-ee
v16.4.0-ee
v16.4.1-ee
v16.5.0-ee

v6.*

v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.2.1
v6.2.2
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.4.1
v6.4.2
v6.4.3
v6.5.0-ee
v6.5.1
v6.6.0-ee
v6.6.1
v6.6.2
v6.7.0-ee
v6.7.0.rc1-ee
v6.7.1
v6.7.2
v6.8.0-ee
v6.8.1

v7.*

v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee
v7.4.0-ee
v7.4.1-ee
v7.4.2-ee
v7.4.3-ee
v7.4.4-ee

v8.*

v8.11.0
v8.11.0-ee
v8.11.0-rc1
v8.11.0-rc1-ee
v8.11.0-rc2
v8.11.0-rc2-ee
v8.11.0-rc3
v8.11.0-rc3-ee
v8.11.0-rc4
v8.11.0-rc4-ee
v8.11.0-rc5
v8.11.0-rc5-ee
v8.11.0-rc6
v8.11.0-rc6-ee
v8.11.0-rc7
v8.11.0-rc7-ee
v8.11.1
v8.12.0
v8.12.0-ee
v8.12.0-rc1
v8.12.0-rc1-ee
v8.12.0-rc2
v8.12.0-rc2-ee
v8.12.0-rc3
v8.12.0-rc3-ee
v8.12.0-rc4
v8.12.0-rc4-ee
v8.12.0-rc5
v8.12.0-rc5-ee
v8.12.0-rc6
v8.12.0-rc6-ee
v8.12.0-rc7
v8.12.0-rc7-ee
v8.12.0.pre
v8.12.1
v8.12.1-ee
v8.12.2
v8.12.2-ee
v8.12.3-ee
v8.2.0-ee
v8.2.0.rc1
v8.2.0.rc1-ee
v8.2.0.rc2
v8.2.0.rc2-ee
v8.8.0
v8.8.0-ee
v8.8.0-rc1
v8.8.0-rc1-ee
v8.8.0-rc2
v8.8.0-rc2-ee
v8.8.1-ee