{"api_version":"1","generated_at":"2026-04-24T01:59:50+00:00","cve":"CVE-2023-1072","urls":{"html":"https://cve.report/CVE-2023-1072","api":"https://cve.report/api/cve/CVE-2023-1072.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1072","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1072"},"summary":{"title":"CVE-2023-1072","description":"An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.","state":"PUBLIC","assigner":"cve@gitlab.com","published_at":"2023-03-09 22:15:00","updated_at":"2023-03-15 15:58:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json","name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json","refsource":"CONFIRM","tags":[],"title":"2023/CVE-2023-1072.json · master · GitLab.org / cves · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/219619","name":"https://gitlab.com/gitlab-org/gitlab/-/issues/219619","refsource":"MISC","tags":[],"title":"Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1072","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1072","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Thanks [Nico Jones](https://gitlab.com/nico28) for reporting this vulnerability.","lang":""}],"nvd_cpes":[{"cve_year":"2023","cve_id":"1072","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1072","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-1072","qid":"378437","title":"GitLab Multiple Security Vulnerability (02-March-23)"},{"cve":"CVE-2023-1072","qid":"691081","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for gitlab (f7c5b3a9-b9fb-11ed-99c6-001b217b3468)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-1072","ASSIGNER":"cve@gitlab.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"GitLab","product":{"product_data":[{"product_name":"GitLab","version":{"version_data":[{"version_value":">=9.0, <15.7.8"},{"version_value":">=15.8, <15.8.4"},{"version_value":">=15.9, <15.9.2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Uncontrolled resource consumption in GitLab"}]}]},"references":{"reference_data":[{"name":"https://gitlab.com/gitlab-org/gitlab/-/issues/219619","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/219619","refsource":"MISC"},{"name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1072.json","refsource":"CONFIRM"}]},"description":{"description_data":[{"lang":"eng","value":"An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details."}]},"impact":{"cvss":{"vectorString":"AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","version":"3.1","baseScore":4.2,"baseSeverity":"MEDIUM"}},"credit":[{"lang":"eng","value":"Thanks [Nico Jones](https://gitlab.com/nico28) for reporting this vulnerability."}]},"nvd":{"publishedDate":"2023-03-09 22:15:00","lastModifiedDate":"2023-03-15 15:58:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.9","versionEndExcluding":"15.9.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.8","versionEndExcluding":"15.8.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.9","versionEndExcluding":"15.9.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.8","versionEndExcluding":"15.8.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.0","versionEndExcluding":"15.7.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"9.0","versionEndExcluding":"15.7.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}