CVE-2023-0886 Information

Description

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7 15.7 before 15.7.6 and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which when repeatedly requested saturates CPU usage.

Reference

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0886.json https://gitlab.com/gitlab-org/gitlab/-/issues/376247 https://hackerone.com/reports/1685995