Lucene search

GitLabVULNRICHMENT:CVE-2024-1066

HistoryFeb 07, 2024 - 10:02 p.m.

CVE-2024-1066 Uncontrolled Resource Consumption in GitLab

2024-02-0722:02:11

CWE-400

GitLab

github.com

gitlab

resource consumption

version 13.3.0

version 16.8.2

graphql

vulnerabilities count

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL vulnerabilitiesCountByDay

References

gitlab.com/gitlab-org/gitlab/-/issues/420341

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1066