CVE-2024-1963

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1963
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called Release Notes Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/443577 Vendor Advisory
https://hackerone.com/reports/2376482 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
History

30 Aug 2024, 14:15

Type Values Removed Values Added
CWE CWE-400

18 Jul 2024, 19:46

Type Values Removed Values Added
First Time Gitlab gitlab
Gitlab
CWE CWE-1333
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
References () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called - () https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called - Release Notes, Vendor Advisory
References () https://gitlab.com/gitlab-org/gitlab/-/issues/443577 - () https://gitlab.com/gitlab-org/gitlab/-/issues/443577 - Vendor Advisory
References () https://hackerone.com/reports/2376482 - () https://hackerone.com/reports/2376482 - Third Party Advisory

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 8.4 anterior a 16.10.7, desde 16.11 anterior a 16.11.4 y desde 17.0 anterior a 17.0.2. Una vulnerabilidad en la integración de Asana de GitLab permitió a un atacante causar potencialmente una denegación de servicio de expresión regular mediante el envío de solicitudes especialmente manipuladas.

12 Jun 2024, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-12 23:15

Updated : 2024-08-30 14:15

NVD link : CVE-2024-1963

Mitre link : CVE-2024-1963

CVE.ORG link : CVE-2024-1963

JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-1333

Inefficient Regular Expression Complexity


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024