PT-2024-6691 · Gitlab · Gitlab
Setiawan
·
Published
2024-05-01
·
Updated
2024-06-28
·
CVE-2024-4557
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
GitLab versions 1.0 through 16.11.5
GitLab versions 17.0 through 17.0.3
GitLab versions 17.1 through 17.1.1
Description:
The issue is related to an uncontrolled resource consumption in the implementation of the application programming interface of the GitLab platform, which is based on git for collaborative code work. This can be exploited by a remote attacker to cause a denial of service. The vulnerability allows an attacker to cause resource exhaustion via the banzai pipeline, leading to a denial of service condition.
Recommendations:
For GitLab versions 1.0 through 16.11.5, update to version 16.11.5 or later.
For GitLab versions 17.0 through 17.0.3, update to version 17.0.3 or later.
For GitLab versions 17.1 through 17.1.1, update to version 17.1.1 or later.
Exploit
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab