An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.
References
Link | Resource |
---|---|
https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-ci-interpolation-fix-bypass | Release Notes Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/442695 | Vendor Advisory |
https://hackerone.com/reports/2358689 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
18 Jul 2024, 19:50
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1333 | |
First Time |
Gitlab gitlab
Gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
References | () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-ci-interpolation-fix-bypass - Release Notes, Vendor Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/442695 - Vendor Advisory | |
References | () https://hackerone.com/reports/2358689 - Third Party Advisory |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Jun 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-12 23:15
Updated : 2024-08-30 14:15
NVD link : CVE-2024-1736
Mitre link : CVE-2024-1736
CVE.ORG link : CVE-2024-1736
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-1333
Inefficient Regular Expression Complexity