← Back

CVE-2024-2874

nvd nist
Published: May 23, 2024Modified: Dec 16, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
Before 16.10.6
Gitlab
From 16.11.0 to 16.11.3
Gitlab
Before 16.10.6
Gitlab
From 16.11.0 to 16.11.3
Gitlab
Version 17.0.0
Gitlab
Version 17.0.0

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

Source: cve@gitlab.com
ExploitIssue Tracking
Source: cve@gitlab.com
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required

Timeline

No history available yet.