GitLab Denial of Service Vulnerability Affects All Versions
CVE-2024-2818

6.5 MEDIUM

Key Information:

Vendor: GitLab
Status: Vendor
CVE Published: 28 March 2024

Badges

📰 News Worthy

Summary

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, and all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels.

Affected Version(s)

GitLab 0 < 16.8.5

GitLab 16.9 < 16.9.3

GitLab 16.10 < 16.10.1

News Articles

GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now

GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.

9 months ago

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

Collectors

  • NVD Database
  • Mitre Database
  • 1 News Article(s)

Credit

Thanks to Quintin Crist of Trend Micro for reporting this vulnerability.