CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

30 Aug 2024, 14:15

Type Values Removed Values Added
CWE CWE-400

18 Jul 2024, 19:50

Type Values Removed Values Added
CWE CWE-1333
References () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-ci-interpolation-fix-bypass - () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-ci-interpolation-fix-bypass - Release Notes, Vendor Advisory
References () https://gitlab.com/gitlab-org/gitlab/-/issues/442695 - () https://gitlab.com/gitlab-org/gitlab/-/issues/442695 - Vendor Advisory
References () https://hackerone.com/reports/2358689 - () https://hackerone.com/reports/2358689 - Third Party Advisory
First Time Gitlab gitlab
Gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 16.10.7, desde 16.11 anterior a 16.11.4 y desde 17.0 anterior a 17.0.2. Una vulnerabilidad en el editor de canalización CI/CD de GitLab podría permitir ataques de denegación de servicio a través de archivos de configuración creados con fines malintencionados.

12 Jun 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 23:15

Updated : 2024-08-30 14:15


NVD link : CVE-2024-1736

Mitre link : CVE-2024-1736

CVE.ORG link : CVE-2024-1736


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-1333

Inefficient Regular Expression Complexity