An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/420341 |
History
Tue, 08 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-400 |
Fri, 04 Oct 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Uncontrolled Resource Consumption in GitLab | Allocation of Resources Without Limits or Throttling in GitLab |
Weaknesses | CWE-770 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-02-07T22:02:11.043Z
Updated: 2024-10-03T06:23:18.169Z
Reserved: 2024-01-30T12:02:21.519Z
Link: CVE-2024-1066
Vulnrichment
Updated: 2024-08-01T18:26:30.545Z
NVD
Status : Modified
Published: 2024-02-07T22:15:09.797
Modified: 2024-11-21T08:49:43.170
Link: CVE-2024-1066
Redhat
No data.