CVE-2024-7610

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

29 Aug 2024, 15:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
CWE NVD-CWE-noinfo
First Time Gitlab
Gitlab gitlab
References () https://gitlab.com/gitlab-org/gitlab/-/issues/468917 - () https://gitlab.com/gitlab-org/gitlab/-/issues/468917 - Broken Link

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Se descubrió una condición de denegación de servicio (DoS) en GitLab CE/EE que afecta a todas las versiones comenzando con 15.9 anterior a 17.0.6, 17.1 anterior a 17.1.4 y 17.2 anterior a 17.2.2. Es posible que un atacante provoque un retroceso catastrófico mientras analiza los resultados de Elasticsearch.

08 Aug 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 11:15

Updated : 2024-08-29 15:45


NVD link : CVE-2024-7610

Mitre link : CVE-2024-7610

CVE.ORG link : CVE-2024-7610


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption