PT-2024-5508 · Gitlab · Gitlab Ce/Ee+1

Joaxcaron · Published 2024-08-07 · Updated 2024-08-29 · CVE-2024-5423

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 1.0 through 17.0.6
GitLab CE/EE versions 17.1 through 17.1.4
GitLab CE/EE versions 17.2 through 17.2.2

Description
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE, allowing an attacker to cause resource exhaustion via the banzai pipeline. This issue affects multiple versions of the software and can be exploited by a remote attacker to cause a service disruption.

Recommendations
For versions 1.0 through 17.0.6, update to a version later than 17.0.6.
For versions 17.1 through 17.1.4, update to a version later than 17.1.4.
For versions 17.2 through 17.2.2, update to a version later than 17.2.2.
As a temporary workaround, consider restricting access to the banzai pipeline to minimize the risk of exploitation.

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-06157
BIT-GITLAB-2024-5423
CVE-2024-5423

Affected Products

Gitlab
Gitlab Ce/Ee