A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.
History

Thu, 29 Aug 2024 16:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Gitlab
Gitlab gitlab
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab

Thu, 08 Aug 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 10:45:00 +0000

Type Values Removed Values Added
Description A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.
Title Uncontrolled Resource Consumption in GitLab
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-08-08T10:30:43.133Z

Updated: 2024-08-29T15:05:01.225Z

Reserved: 2024-08-08T10:02:04.174Z

Link: CVE-2024-7610

cve-icon Vulnrichment

Updated: 2024-08-08T12:53:59.411Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-08T11:15:13.857

Modified: 2024-08-29T15:45:27.523

Link: CVE-2024-7610

cve-icon Redhat

No data.