CVE-2024-1816

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/442852	Broken Link
https://hackerone.com/reports/2370737	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:17.1.0::::community:::
	cpe:2.3:a:gitlab:gitlab:17.1.0::::enterprise:::

History

28 Jun 2024, 13:23

Type	Values Removed	Values Added
First Time		Gitlab gitlab Gitlab
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/442852 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/442852 - Broken Link
References	~~() https://hackerone.com/reports/2370737 -~~	() https://hackerone.com/reports/2370737 - Permissions Required
CPE		cpe:2.3:a:gitlab:gitlab:17.1.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:17.1.0::::community::: cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 5.5

27 Jun 2024, 12:47

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 12.0 anterior a 16.11.5, desde 17.0 anterior a 17.0.3 y desde 17.1 anterior a 17.1.1, lo que permite que un atacante provoque una denegación de servicio utilizando un archivo OpenAPI manipulado.

27 Jun 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-27 00:15

Updated : 2024-06-28 13:23

NVD link : CVE-2024-1816

Mitre link : CVE-2024-1816

CVE.ORG link : CVE-2024-1816

JSON object : View

Products Affected

gitlab

gitlab

CWE

NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-1816", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2024-06-27T00:15:10.523", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/442852", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2370737", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file."}, {"lang": "es", "value": " Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 12.0 anterior a 16.11.5, desde 17.0 anterior a 17.0.3 y desde 17.1 anterior a 17.1.1, lo que permite que un atacante provoque una denegaci\u00f3n de servicio utilizando un archivo OpenAPI manipulado."}], "lastModified": "2024-06-28T13:23:54.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "1A737EB9-758A-469C-B9DF-6B77CA39118A", "versionEndExcluding": "16.11.5", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "928DC788-6A7F-4EE9-B57D-25C4806D9BA3", "versionEndExcluding": "16.11.5", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "541958DE-CB05-43D9-921B-4ADD2E436BF7", "versionEndExcluding": "17.0.3", "versionStartIncluding": "17.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C987EC42-A56B-462A-A0CE-7417CC0FD414", "versionEndExcluding": "17.0.3", "versionStartIncluding": "17.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "D2461A15-EA5F-43D1-B359-0F24713A713B"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "9AA7835D-35E6-44D6-9194-2AC4C38961CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}