CVE-2024-2454

2024-05-1400:00:00

ubuntu.com

gitlab

vulnerability

cve-2024-2454

unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions
starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5,
and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible
to DoS through a crafted request.