GitLab Discloses Critical DoS Flaw Affecting Multiple Versions

CVE-2024-7610

6.5MEDIUM

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 8 August 2024

Summary

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.

Affected Version(s)

GitLab < 17.0.6

GitLab < 17.1.4

GitLab < 17.2.2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved.
Aug 8, 2024
Vulnerability published.
Aug 8, 2024

Collectors

NVD DatabaseMitre Database

Credit

This vulnerability was discovered internally by GitLab team member [Terri Chu](https://gitlab.com/terrichu)