CVE-2024-12379

A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/508559	Exploit Issue Tracking Patch
https://hackerone.com/reports/2871791	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

06 Aug 2025, 20:17

Type	Values Removed	Values Added
First Time		Gitlab gitlab Gitlab
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/508559 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/508559 - Exploit, Issue Tracking, Patch
References	~~() https://hackerone.com/reports/2871791 -~~	() https://hackerone.com/reports/2871791 - Permissions Required
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
Summary		(es) Una vulnerabilidad de denegación de servicio en GitLab CE/EE que afecta a todas las versiones desde la 14.1 anterior a la 17.6.5, la 17.7 anterior a la 17.7.4 y la 17.8 anterior a la 17.8.2 permite a un atacante afectar la disponibilidad de GitLab mediante la creación de símbolos ilimitados por medio del parámetro scopes en un token de acceso personal.

12 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-12 15:15

Updated : 2025-08-06 20:17

NVD link : CVE-2024-12379

Mitre link : CVE-2024-12379

CVE.ORG link : CVE-2024-12379

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-12379", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-02-12T15:15:12.707", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508559", "tags": ["Exploit", "Issue Tracking", "Patch"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2871791", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token."}, {"lang": "es", "value": "Una vulnerabilidad de denegaci\u00f3n de servicio en GitLab CE/EE que afecta a todas las versiones desde la 14.1 anterior a la 17.6.5, la 17.7 anterior a la 17.7.4 y la 17.8 anterior a la 17.8.2 permite a un atacante afectar la disponibilidad de GitLab mediante la creaci\u00f3n de s\u00edmbolos ilimitados por medio del par\u00e1metro scopes en un token de acceso personal."}], "lastModified": "2025-08-06T20:17:22.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C45D5945-9302-40BA-AD99-D22199AADAF0", "versionEndExcluding": "17.6.5", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CBAA7DD8-96CE-4123-A507-FE9E002496CA", "versionEndExcluding": "17.6.5", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "AC284F33-4C92-4C89-AC16-3C111D5ED888", "versionEndExcluding": "17.7.4", "versionStartIncluding": "17.7.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "23EE6F1C-8A6C-40F7-A89D-D97F9070697C", "versionEndExcluding": "17.7.4", "versionStartIncluding": "17.7.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "840C2B42-F51F-459A-B365-FEA1A2EF7F42", "versionEndExcluding": "17.8.2", "versionStartIncluding": "17.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C801E385-FAD0-44A5-BDE2-49708E256110", "versionEndExcluding": "17.8.2", "versionStartIncluding": "17.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}