PT-2024-5507 · GitLab · GitLab CE/EE

Published: 2024-08-07 · Updated: 2024-08-29 · CVE-2024-7610

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 15.9 through 17.0.5
GitLab CE/EE version 17.1 prior to 17.1.4
GitLab CE/EE version 17.2 prior to 17.2.2
Description A Denial of Service (DoS) condition has been discovered in GitLab CE/EE. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch, leading to uncontrolled resource consumption during search result processing. This can allow a remote attacker to cause a denial of service.
Recommendations
For GitLab CE/EE versions 15.9 through 17.0.5, update to version 17.0.6 or later to resolve the issue.
For GitLab CE/EE version 17.1 prior to 17.1.4, update to version 17.1.4 or later to resolve the issue.
For GitLab CE/EE version 17.2 prior to 17.2.2, update to version 17.2.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to Elasticsearch results to minimize the risk of exploitation.

Tags: Exploit · Fix · DoS · Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2024-06156
BIT-GITLAB-2024-7610
CVE-2024-7610

Affected Products

Elasticsearch
Gitlab
Gitlab Ce/Ee