Denial of Service Vulnerability in GitLab CE/EE - Comprehensive Overview
CVE-2024-8177

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 26 November 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

CVE-2024-8177 represents a critical denial of service vulnerability within GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability affects all versions starting from 15.6 up until 17.4.4, as well as versions 17.5 through 17.5.2 and versions 17.6 through 17.6.0. An attacker could exploit this vulnerability by integrating a malicious harbor registry, which could lead to a denial of service condition, interrupting service availability for users. It’s essential for GitLab users to update to the latest versions to mitigate this risk effectively.

Affected Version(s)

GitLab 15.6 < 17.4.5

GitLab 17.5 < 17.5.3

GitLab 17.6 < 17.6.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-8177 - Proof of Concept

References

https://gitlab.com/gitlab-org/gitlab/-/issues/480706

issue-trackingpermissions-required

https://hackerone.com/reports/2637996

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 26, 2024
👾
Exploit known to exist
Nov 26, 2024
Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Aug 26, 2024

Credit

Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program