An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests.
References
Link | Resource |
---|---|
https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called | Release Notes Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/443577 | Vendor Advisory |
https://hackerone.com/reports/2376482 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
18 Jul 2024, 19:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab gitlab
Gitlab |
|
CWE | CWE-1333 | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
References | () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called - Release Notes, Vendor Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/443577 - Vendor Advisory | |
References | () https://hackerone.com/reports/2376482 - Third Party Advisory |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Jun 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-12 23:15
Updated : 2024-08-30 14:15
NVD link : CVE-2024-1963
Mitre link : CVE-2024-1963
CVE.ORG link : CVE-2024-1963
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-1333
Inefficient Regular Expression Complexity