PT-2024-22551 · Gitlab · Gitlab Ce/Ee+1

Ac7N0

Published

2024-05-23

Updated

2024-12-16

CVE-2024-2874

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 16.10.6 GitLab CE/EE version 16.11 prior to 16.11.3 GitLab CE/EE version 17.0 prior to 17.0.1

Description An issue has been discovered in GitLab CE/EE where a runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

Recommendations For versions prior to 16.10.6, update to version 16.10.6 or later. For version 16.11 prior to 16.11.3, update to version 16.11.3 or later. For version 17.0 prior to 17.0.1, update to version 17.0.1 or later.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BIT-GITLAB-2024-2874

CVE-2024-2874

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2024-22551 · Gitlab · Gitlab Ce/Ee+1

CVE-2024-2874

Weakness Enumeration

Related Identifiers

Affected Products

References · 12