CVE-2024-8233

Published: Dec 12, 2024Modified: Jul 11, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: cve@gitlab.com (Secondary)

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 17.5.0 to 17.5.4
Gitlab Gitlab	From 17.6.0 to 17.6.2
Gitlab Gitlab	From 9.4.0 to 17.4.6
Gitlab Gitlab	From 17.5.0 to 17.5.4
Gitlab Gitlab	From 17.6.0 to 17.6.2
Gitlab Gitlab	From 9.4.0 to 17.4.6

Related CWEs

CWE-407

Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/480867

Source: cve@gitlab.com

ExploitIssue TrackingVendor Advisory

https://hackerone.com/reports/2650086

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.