Test ID: 1.3.6.1.4.1.25623.1.0.170085
Category: Denial of Service
Title: GitLab 8.13.x - 8.13.7, 8.14.x - 8.14.2 DoS Vulnerability
Summary: GitLab is prone to a denial of service (DoS) vulnerability.
Description:
Summary:
GitLab is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The state filter in the IssuableFinder class filters issues and merge requests by state.
The filter is implemented by calling public_send with unfiltered user input, so an attacker can
supply the method name delete_all or destroy_all as the state value instead of a legitimate state.
Because the method is invoked before the project / group scope is applied, it deletes all issues
and merge requests on the GitLab instance rather than those of a single project.
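The following is an added illustration of the mechanism described above, not GitLab's own code: a Rails-free stand-in for the IssuableFinder state filter shows the vulnerable public_send shape next to an allowlisted one that also applies the project scope first. The FakeRelation class, the finder classes and the sample rows are all constructed here for the demonstration.

```ruby
# Added example (not GitLab's code): minimal model of the IssuableFinder state
# filter. FakeRelation stands in for an ActiveRecord relation so this runs
# without Rails; the sample rows below are constructed for the demonstration.
class FakeRelation
  attr_reader :rows

  def initialize(rows)
    @rows = rows
  end

  # Legitimate state scopes the filter is meant to reach.
  def opened
    FakeRelation.new(rows.select { |r| r[:state] == 'opened' })
  end

  def closed
    FakeRelation.new(rows.select { |r| r[:state] == 'closed' })
  end

  # Destructive methods that are also public, hence reachable via public_send.
  # They act on the whole, still unscoped, table.
  def delete_all
    deleted = rows.size
    rows.clear
    deleted
  end
  alias destroy_all delete_all

  def for_project(project_id)
    FakeRelation.new(rows.select { |r| r[:project_id] == project_id })
  end

  def count
    rows.size
  end
end

# Vulnerable shape: unfiltered params[:state] goes straight into public_send,
# and the project scope is applied only after the state method has run.
class VulnerableIssuableFinder
  def initialize(table, params)
    @table = table
    @params = params
  end

  def execute
    items = by_state(@table)
    items.for_project(@params[:project_id])
  rescue NoMethodError
    # delete_all returns an Integer, so the chain breaks here, but the rows
    # were already removed before the error was raised.
    FakeRelation.new([])
  end

  private

  def by_state(items)
    state = @params[:state]
    return items if state.nil? || state.empty?
    items.public_send(state) # 'opened', 'closed' ... or 'delete_all'
  end
end

# Hardened shape: scope to the project first, then dispatch on a fixed set of
# states instead of reflecting user input into a method name.
class HardenedIssuableFinder
  def initialize(table, params)
    @table = table
    @params = params
  end

  def execute
    items = @table.for_project(@params[:project_id])
    by_state(items)
  end

  private

  def by_state(items)
    case @params[:state]
    when 'opened' then items.opened
    when 'closed' then items.closed
    else items # 'all', nil or anything unexpected: no state filter applied
    end
  end
end

# Constructed sample data: three issuables across two projects.
def sample_table
  FakeRelation.new([
    { id: 1, project_id: 1, state: 'opened' },
    { id: 2, project_id: 2, state: 'closed' },
    { id: 3, project_id: 2, state: 'opened' }
  ])
end

# Runs a finder with an attacker-chosen state against a fresh table and returns
# [rows matched by the query, rows left in the whole table afterwards].
def run_finder(finder_class, state)
  table = sample_table
  result = finder_class.new(table, { project_id: 1, state: state }).execute
  [result.count, table.count]
end

if __FILE__ == $PROGRAM_NAME
  p run_finder(VulnerableIssuableFinder, 'opened')     # => [1, 3]
  p run_finder(VulnerableIssuableFinder, 'delete_all') # => [0, 0], whole table gone
  p run_finder(HardenedIssuableFinder, 'delete_all')   # => [1, 3], treated as no filter
end
```

Two points carry over to real code: never feed request parameters to `send`/`public_send` (or `constantize`, `method`, etc.) without an explicit allowlist, and apply authorization scopes before any method chosen by the caller runs, so that even a future mistake in the dispatch is confined to the data the user may already see.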

Vulnerability Impact:
Unauthenticated users could exploit this vulnerability on GitLab
instances that have publicly visible projects. Any user with access to at least one project is able
to delete all issues and merge requests across every project on the instance.

Affected Software/OS:
GitLab version 8.13.x through 8.13.7 and 8.14.x through
8.14.2.

Solution:
Update to version 8.13.8, 8.14.3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-9469
https://about.gitlab.com/2016/12/05/cve-2016-9469/
https://gitlab.com/gitlab-org/gitlab-ce/commit/29ceb98b5162677601702704e89d845580372078
https://gitlab.com/gitlab-org/gitlab-ce/commit/55196497301eea429913f9c4b1b37c42c2e358ce
https://gitlab.com/gitlab-org/gitlab-ce/commit/f325e4e734e5e486f3b02db176eb629124052b43
https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
https://hackerone.com/reports/186194
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.