Lucene search

Ubuntu.comUB:CVE-2024-1816

HistoryJun 27, 2024 - 12:00 a.m.

CVE-2024-1816

2024-06-2700:00:00

ubuntu.com

gitlab

denial of service

openapi

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.9%

JSON

An issue was discovered in GitLab CE/EE affecting all versions starting
from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and
starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a
denial of service using a crafted OpenAPI file.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/442852

hackerone.com/reports/2370737

launchpad.net/bugs/cve/CVE-2024-1816

nvd.nist.gov/vuln/detail/CVE-2024-1816

security-tracker.debian.org/tracker/CVE-2024-1816

www.cve.org/CVERecord?id=CVE-2024-1816

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for UB:CVE-2024-1816