CVE-2023-29449

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-400
View all →

Vulnerability Description

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.

Related Vulnerabilities

CVE-2017-12076

MEDIUM
CVSS:4.9(Medium)

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources ...

CWE-4002017

CVE-2017-12077

MEDIUM
CVSS:4.9(Medium)

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resource...

CWE-4002017

CVE-2018-20699

MEDIUM
CVSS:4.9(Medium)

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, p...

CWE-4002018

CVE-2019-13007

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletio...

CWE-4002019

CVE-2019-5445

MEDIUM
CVSS:4.9(Medium)

DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands.

CWE-4002019

CVE-2020-8123

MEDIUM
CVSS:4.9(Medium)

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.

CWE-4002020