CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker	Release Notes Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/441807	Vendor Advisory
https://hackerone.com/reports/2359528	Third Party Advisory
https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker	Release Notes Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/441807	Vendor Advisory
https://hackerone.com/reports/2359528	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

21 Nov 2024, 08:50

Type	Values Removed	Values Added
References	~~() https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker - Release Notes, Vendor Advisory~~	() https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker - Release Notes, Vendor Advisory
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/441807 - Vendor Advisory~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/441807 - Vendor Advisory
References	~~() https://hackerone.com/reports/2359528 - Third Party Advisory~~	() https://hackerone.com/reports/2359528 - Third Party Advisory

30 Aug 2024, 14:15

Type	Values Removed	Values Added
CWE	~~CWE-400~~

18 Jul 2024, 19:52

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
References	~~() https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker -~~	() https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker - Release Notes, Vendor Advisory
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/441807 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/441807 - Vendor Advisory
References	~~() https://hackerone.com/reports/2359528 -~~	() https://hackerone.com/reports/2359528 - Third Party Advisory
CWE		CWE-1333
First Time		Gitlab Gitlab gitlab

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 13.1 anterior a 16.10.7, desde 16.11 anterior a 16.11.4 y desde 17.0 anterior a 17.0.2. Era posible que un atacante provocara una denegación de servicio utilizando un archivo creado con fines malintencionados.

12 Jun 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-12 23:15

Updated : 2024-11-21 08:50

NVD link : CVE-2024-1495

Mitre link : CVE-2024-1495

CVE.ORG link : CVE-2024-1495

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1333

Inefficient Regular Expression Complexity

6.5 /10