CVE-2024-1736

2024-06-1223:15:49

CWE-400

[email protected]

web.nvd.nist.gov

gitlab

vulnerability

ci/cd

denial of service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab’s CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.

CNA Affected

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "versions": [
      {
        "version": "15.8",
        "status": "affected",
        "lessThan": "16.10.7",
        "versionType": "semver"
      },
      {
        "version": "16.11",
        "status": "affected",
        "lessThan": "16.11.4",
        "versionType": "semver"
      },
      {
        "version": "17.0",
        "status": "affected",
        "lessThan": "17.0.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]