CVE-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

30 Aug 2024, 14:15

Type Values Removed Values Added
CWE CWE-400

18 Jul 2024, 19:46

Type Values Removed Values Added
First Time Gitlab gitlab
Gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
References () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called - () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called - Release Notes, Vendor Advisory
References () https://gitlab.com/gitlab-org/gitlab/-/issues/443577 - () https://gitlab.com/gitlab-org/gitlab/-/issues/443577 - Vendor Advisory
References () https://hackerone.com/reports/2376482 - () https://hackerone.com/reports/2376482 - Third Party Advisory
CWE CWE-1333

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 8.4 anterior a 16.10.7, desde 16.11 anterior a 16.11.4 y desde 17.0 anterior a 17.0.2. Una vulnerabilidad en la integración de Asana de GitLab permitió a un atacante causar potencialmente una denegación de servicio de expresión regular mediante el envío de solicitudes especialmente manipuladas.

12 Jun 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 23:15

Updated : 2024-08-30 14:15


NVD link : CVE-2024-1963

Mitre link : CVE-2024-1963

CVE.ORG link : CVE-2024-1963


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-1333

Inefficient Regular Expression Complexity