PT-2024-5514 · Gitlab · Gitlab Ce/Ee+1
Gudanggaramfilteron
·
Published
2024-08-07
·
Updated
2024-08-23
·
CVE-2024-4210
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 12.6 through 17.0.5
GitLab CE/EE version 17.1 prior to 17.1.4
GitLab CE/EE version 17.2 prior to 17.2.2
Description
The issue is related to an uncontrolled resource consumption in GitLab, a software platform based on git for collaborative code work. It allows a remote attacker to cause a denial of service by sending specially crafted adoc files.
Recommendations
For GitLab CE/EE versions 12.6 through 17.0.5, update to version 17.0.6 or later.
For GitLab CE/EE version 17.1 prior to 17.1.4, update to version 17.1.4 or later.
For GitLab CE/EE version 17.2 prior to 17.2.2, update to version 17.2.2 or later.
As a temporary workaround, consider restricting the use of adoc files until a patch is available.
Exploit
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee