CVE-2024-1816

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*

History

28 Jun 2024, 13:23

Type Values Removed Values Added
First Time Gitlab gitlab
Gitlab
References () https://gitlab.com/gitlab-org/gitlab/-/issues/442852 - () https://gitlab.com/gitlab-org/gitlab/-/issues/442852 - Broken Link
References () https://hackerone.com/reports/2370737 - () https://hackerone.com/reports/2370737 - Permissions Required
CPE cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 5.5

27 Jun 2024, 12:47

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 12.0 anterior a 16.11.5, desde 17.0 anterior a 17.0.3 y desde 17.1 anterior a 17.1.1, lo que permite que un atacante provoque una denegación de servicio utilizando un archivo OpenAPI manipulado.

27 Jun 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 00:15

Updated : 2024-06-28 13:23


NVD link : CVE-2024-1816

Mitre link : CVE-2024-1816

CVE.ORG link : CVE-2024-1816


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption