A92847865

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 11.2 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 **Description** An authenticated user could cause a denial of service by exploiting a Bitbucket Server import endpoint. This occurs through repeatedly sending large responses to the `'/import/bitbucket/project'` API endpoint. The `project key` parameter is involved in this issue. **Recommendations** Update GitLab CE/EE to version 18.7.5 or later. Update GitLab CE/EE to version 18.8.5 or later. Update GitLab CE/EE to version 18.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 14.4 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 **Description** An unauthenticated user could potentially cause a denial-of-service condition by sending specially crafted requests to the Jira events endpoint `/jira events`. **Recommendations** Update GitLab CE/EE to version 18.7.5 or later. Update GitLab CE/EE to version 18.8.5 or later. Update GitLab CE/EE to version 18.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 15.6 through 18.6.6 GitLab EE versions 18.7 through 18.7.4 GitLab EE versions 18.8 through 18.8.4 **Description** An authenticated user could cause a Denial of Service by uploading a malicious file and repeatedly querying it through GraphQL. The issue affects GitLab EE. **Recommendations** Update GitLab EE to version 18.6.6 or later. Update GitLab EE to version 18.7.4 or later. Update GitLab EE to version 18.8.4 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 2.1.0 through 17.10.7 GitLab CE/EE versions 17.11 through 17.11.3 GitLab CE/EE versions 18.0 through 18.0.1 **Description** An issue has been discovered in GitLab CE/EE, where a lack of input validation in HTTP responses could allow an authenticated user to cause denial of service. **Recommendations** For versions 2.1.0 through 17.10.7, update to version 17.10.8 or later. For versions 17.11 through 17.11.3, update to version 17.11.4 or later. For versions 18.0 through 18.0.1, update to version 18.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 9.4 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 **Description** The issue affects GitLab CE/EE and is related to an uncontrolled resource consumption. An attacker could cause a denial of service with requests for diff files on a commit or merge request. This could allow a remote attacker to cause a denial of service. **Recommendations** For versions 9.4 through 17.4.6, update to a version after 17.4.6 to resolve the issue. For versions 17.5 through 17.5.4, update to a version after 17.5.4 to resolve the issue. For versions 17.6 through 17.6.2, update to a version after 17.6.2 to resolve the issue. As a temporary workaround, consider restricting access to diff files on commit or merge requests to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.6 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1 Description: An issue was discovered in GitLab CE/EE that could cause Denial of Service via integrating a malicious harbor registry. The issue is related to algorithmic complexity and can be exploited by a remote attacker to cause a denial of service. Recommendations: For GitLab CE/EE versions 15.6 through 17.4.5, update to version 17.4.5 or later to resolve the issue. For GitLab CE/EE versions 17.5 through 17.5.3, update to version 17.5.3 or later to resolve the issue. For GitLab CE/EE versions 17.6 through 17.6.1, update to version 17.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the integration of harbor registries to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.2 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0 Description: A denial of service issue has been discovered in GitLab CE/EE. This issue can be exploited by importing a maliciously crafted XML manifest file, potentially allowing a remote attacker to cause a denial of service. The issue is related to the lack of protection measures for the web page structure. Recommendations: For GitLab CE/EE versions 11.2 through 17.3.5, update to version 17.3.6 or later. For GitLab CE/EE versions 17.4 through 17.4.2, update to version 17.4.3 or later. For GitLab CE/EE versions 17.5 through 17.5.0, update to version 17.5.1 or later. As a temporary workaround, consider restricting the import of XML manifest files until a patch is available.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 through 17.2.9 GitLab CE/EE versions 17.3 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 Description: An issue was discovered in GitLab CE/EE where viewing diffs of MR with conflicts can be slow. This issue is related to insufficient input validation, which may allow an attacker to cause a denial of service. Recommendations: For GitLab CE/EE versions 13.6 through 17.2.9, consider optimizing the diff viewing process for MR with conflicts until a patch is available. For GitLab CE/EE versions 17.3 through 17.3.5, consider optimizing the diff viewing process for MR with conflicts until a patch is available. For GitLab CE/EE versions 17.4 through 17.4.2, consider optimizing the diff viewing process for MR with conflicts until a patch is available.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.1.6 GitLab CE/EE versions 17.2 prior to 17.2.4 GitLab CE/EE versions 17.3 prior to 17.3.1 Description: A Denial of Service (DoS) issue has been discovered in GitLab CE/EE. The issue could occur upon importing a maliciously crafted repository using the GitHub importer. Recommendations: For GitLab CE/EE versions prior to 17.1.6, upgrade to version 17.1.6 or later. For GitLab CE/EE versions 17.2 prior to 17.2.4, upgrade to version 17.2.4 or later. For GitLab CE/EE versions 17.3 prior to 17.3.1, upgrade to version 17.3.1 or later.