PT-2024-4307 · Gitlab · Gitlab Ce/Ee+1

Joaxcaron · Published 2024-06-12 · Updated 2024-08-30 · CVE-2024-1736

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
- GitLab CE/EE versions prior to 16.10.7
- GitLab CE/EE versions 16.11 prior to 16.11.4
- GitLab CE/EE versions 17.0 prior to 17.0.2

Description
A vulnerability in GitLab's CI/CD pipeline editor could allow denial of service through maliciously crafted configuration files. The underlying weakness is uncontrolled resource consumption: a remote attacker who submits a specially crafted configuration file can cause the service to exhaust its resources and become unavailable.

Recommendations
- For versions prior to 16.10.7, update to version 16.10.7 or later.
- For versions 16.11 prior to 16.11.4, update to version 16.11.4 or later.
- For versions 17.0 prior to 17.0.2, update to version 17.0.2 or later.
- As a temporary workaround, restrict access to the CI/CD pipeline editor to minimize the risk of exploitation.

Tags: Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-04795
BIT-GITLAB-2024-1736
CVE-2024-1736

Affected Products

Gitlab
Gitlab Ce/Ee