CVE-2024-8177

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/480706	Broken Link
https://hackerone.com/reports/2637996	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:17.6.0::::community:::
	cpe:2.3:a:gitlab:gitlab:17.6.0::::enterprise:::

History

13 Dec 2024, 01:29

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde la 15.6 anterior a la 17.4.5, desde la 17.5 anterior a la 17.5.3, desde la 17.6 anterior a la 17.6.1, que podría causar denegación de servicio mediante la integración de un registro de puerto malicioso.
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/480706 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/480706 - Broken Link
References	~~() https://hackerone.com/reports/2637996 -~~	() https://hackerone.com/reports/2637996 - Permissions Required
First Time		Gitlab Gitlab gitlab
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:17.6.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:17.6.0::::community:::
CWE		NVD-CWE-noinfo

26 Nov 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-26 19:15

Updated : 2024-12-13 01:29

NVD link : CVE-2024-8177

Mitre link : CVE-2024-8177

CVE.ORG link : CVE-2024-8177

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-407

Inefficient Algorithmic Complexity

NVD-CWE-noinfo

{"id": "CVE-2024-8177", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-26T19:15:31.860", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480706", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2637996", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-407"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde la 15.6 anterior a la 17.4.5, desde la 17.5 anterior a la 17.5.3, desde la 17.6 anterior a la 17.6.1, que podr\u00eda causar denegaci\u00f3n de servicio mediante la integraci\u00f3n de un registro de puerto malicioso."}], "lastModified": "2024-12-13T01:29:28.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "793FD94B-536F-4BC3-A2C6-76C02068D836", "versionEndExcluding": "17.4.5", "versionStartIncluding": "15.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7417C8-D447-46F4-9CD1-11560012BFFC", "versionEndExcluding": "17.4.5", "versionStartIncluding": "15.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "5C1F85A0-709A-4C88-9C40-93D3C47AFD54", "versionEndExcluding": "17.5.3", "versionStartIncluding": "17.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "305F5CB5-5B11-4AA7-ABAE-D4B9A05F6B4A", "versionEndExcluding": "17.5.3", "versionStartIncluding": "17.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "3A39B04B-D109-467A-82E1-3FE6CBA48FEE"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "1212AE23-98AB-4E7A-AAB5-0AD266DFC7D4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}