CVE-2024-5423

Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

29 Aug 2024, 15:41

Type Values Removed Values Added
First Time Gitlab
Gitlab gitlab
CWE NVD-CWE-noinfo
References () https://gitlab.com/gitlab-org/gitlab/-/issues/463807 - () https://gitlab.com/gitlab-org/gitlab/-/issues/463807 - Broken Link
References () https://hackerone.com/reports/2518563 - () https://hackerone.com/reports/2518563 - Permissions Required
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Se descubrieron múltiples condiciones de denegación de servicio (DoS) en GitLab CE/EE que afectan a todas las versiones desde 1.0 anterior a 17.0.6, desde 17.1 anterior a 17.1.4 y desde 17.2 anterior a 17.2.2, lo que permitió a un atacante para causar el agotamiento de los recursos a través del oleoducto banzai.

08 Aug 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 11:15

Updated : 2024-08-29 15:41


NVD link : CVE-2024-5423

Mitre link : CVE-2024-5423

CVE.ORG link : CVE-2024-5423


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption