Aug 22, 2024 - 4:15 p.m.

CVE-2024-8041

2024-08-22 16:15:10
CWE-400
GitLab
web.nvd.nist.gov
30
gitlab uncontrolled resource consumption denial of service github importer

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.6
Confidence: High

EPSS: 0
Percentile: 14.1%

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer.

Affected configurations

Node
gitlab  gitlab  Range  <17.1.6            community
OR
gitlab  gitlab  Range  17.2.0 - 17.2.4    community
OR
gitlab  gitlab  Range  17.3.0 - 17.3.1    community

Node
gitlab  gitlab  Range  <17.1.6            enterprise
OR
gitlab  gitlab  Range  17.2.0 - 17.2.4    enterprise
OR
gitlab  gitlab  Range  17.3.0 - 17.3.1    enterprise

Vendor  Product  Version  CPE
gitlab  gitlab   *        cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlab  gitlab   *        cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "17.1.6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "17.2.4",
        "status": "affected",
        "version": "17.2",
        "versionType": "semver"
      },
      {
        "lessThan": "17.3.1",
        "status": "affected",
        "version": "17.3",
        "versionType": "semver"
      }
    ]
  }
]
