GitLab Experiences Denial of Service Vulnerability
CVE-2024-8233
Currently unrated
Summary
A denial of service vulnerability has been identified in GitLab Community Edition and Enterprise Edition, impacting all versions from 9.4 up to but not including 17.4.6, 17.5 up to but not including 17.5.4, and 17.6 up to but not including 17.6.2. An attacker may exploit this vulnerability by sending specially crafted requests for diff files associated with a commit or merge request, leading to potential service interruptions and unavailability for the affected GitLab instances. Mitigation strategies should be implemented promptly to reduce the risk of exploitation.
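The version ranges in the summary can be checked against an inventory of instances. The script below is an added example, not code from GitLab or from this advisory; the function names, the suffix handling (`-ee`, `-ce.0`, `-pre` are ignored) and the sample inventory are assumptions made for illustration.

```python
import re

# Affected ranges as stated in the summary: (inclusive lower, exclusive upper).
AFFECTED_RANGES = [
    ((9, 4, 0), (17, 4, 6)),
    ((17, 5, 0), (17, 5, 4)),
    ((17, 6, 0), (17, 6, 2)),
]
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(raw):
    """Return (major, minor, patch) from strings such as '17.4.5-ee'."""
    # Assumption: package or pre-release suffixes do not change the status.
    match = _VERSION_RE.match(raw.strip())
    if match is None:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def first_unaffected(raw):
    """Return the exclusive upper bound of the range containing the version,
    or None when the version is outside every range in the summary."""
    version = parse_version(raw)
    for lower, upper in AFFECTED_RANGES:
        if lower <= version < upper:
            return ".".join(map(str, upper))
    return None


def triage(inventory):
    """Map host -> (reported version, upgrade floor, None, or 'unknown')."""
    report = {}
    for host, raw in inventory.items():
        try:
            report[host] = (raw, first_unaffected(raw))
        except ValueError:
            # An unparseable version needs manual review, not a silent pass.
            report[host] = (raw, "unknown")
    return report


if __name__ == "__main__":
    # Constructed inventory; host names and versions are made up.
    sample = {"git-a": "17.4.5-ee", "git-b": "17.5.4", "git-c": "n/a"}
    for host, (version, floor) in triage(sample).items():
        print(f"{host}: {version} -> {floor or 'outside affected ranges'}")
```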
Timeline
Vulnerability published