CVE-2023-3904

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-3904

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3904.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3904

Aliases

BIT-gitlab-2023-3904

Downstream

UBUNTU-CVE-2023-3904

Published

2023-12-15T16:03:15.329Z

Modified

2026-04-10T04:59:18.385236Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Improper Validation of Specified Type of Input in GitLab

Details

An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3904.json",
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-1287"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

Last affected

7de773390b4ddc765d102467a62e607aa9cfe1aa

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.4.3"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

fc87c9d4cca1536abcf902b4128f5c2004d87162

Fixed

e61024519bb5cc50876f66ccd646ffb4f362cb9f

Database specific

{
    "versions": [
        {
            "introduced": "16.5"
        },
        {
            "fixed": "16.5.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

94991886af3e3820aa09fa353b29cf8557c93168

Fixed

fddcadf1869c436c104fcc477884a0c17c2b3c70

Database specific

{
    "versions": [
        {
            "introduced": "16.6"
        },
        {
            "fixed": "16.6.2"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v16.*

v16.4.0-ee

v16.4.0-rc42-ee

v16.4.0-rc43-ee

v16.4.3-ee

v16.5.0-ee

v16.5.2-ee

v16.6.0-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3904.json"