CVE-2024-8237 – Inefficient Algorithmic Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-8237
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file. • https://gitlab.com/gitlab-org/gitlab/-/issues/480900 https://hackerone.com/reports/2648665 • CWE-407: Inefficient Algorithmic Complexity
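The advisory does not say which code path is super-linear, so the following is an added illustration of CWE-407 on a Cargo.toml-shaped input, not GitLab's parser. It assumes a table-header matcher written with nested quantifiers (`(\w+\.?)+`), which lets the regex engine try every way of splitting a run of word characters before it can report a mismatch on the last byte, and sets it beside an unambiguous pattern that accepts the same headers in linear time. The manifest and the crafted line are constructed.

```python
"""CWE-407 on a Cargo.toml-like input: a backtracking table-header regex
versus an unambiguous one. Added illustration; not GitLab's parser."""
import re
import time

# ASSUMED vulnerable pattern (not taken from GitLab): the nested quantifiers in
# (\w+\.?)+ let the engine split a run of word characters in 2^(n-1) ways, and
# it tries every split before reporting a mismatch on the final character.
NAIVE_HEADER_RE = re.compile(r"^\[(\w+\.?)+\]$")

# Hardened equivalent: same set of valid headers, but each character can be
# consumed by only one path, so a mismatch is found in linear time.
SAFE_HEADER_RE = re.compile(r"^\[\w+(?:\.\w+)*\]$")


def naive_is_table_header(line: str) -> bool:
    return NAIVE_HEADER_RE.match(line) is not None


def safe_is_table_header(line: str) -> bool:
    return SAFE_HEADER_RE.match(line) is not None


def crafted_header(n: int) -> str:
    """A line that looks like a table header until the final byte."""
    return "[" + "a" * n + "!"


def table_names(toml_text: str, is_header=safe_is_table_header) -> list:
    """Collect [table] names from a Cargo.toml-style text, one line at a time."""
    names = []
    for raw in toml_text.splitlines():
        line = raw.strip()
        if is_header(line):
            names.append(line[1:-1])
    return names


# Constructed sample manifest, not a real project's Cargo.toml.
SAMPLE_CARGO_TOML = """\
[package]
name = "demo"
version = "0.1.0"

[dependencies]
serde = "1"

[profile.release]
lto = true
"""


def seconds_to_match(is_header, line: str) -> float:
    """Wall-clock cost of one header check, for the comparison below."""
    start = time.perf_counter()
    is_header(line)
    return time.perf_counter() - start


if __name__ == "__main__":
    print(table_names(SAMPLE_CARGO_TOML))
    # Each extra 'a' roughly doubles the naive matcher's work; the safe one stays flat.
    for n in (14, 16, 18, 20):
        line = crafted_header(n)
        print(f"n={n:2d}  naive={seconds_to_match(naive_is_table_header, line):.3f}s"
              f"  safe={seconds_to_match(safe_is_table_header, line):.6f}s")
```

Both matchers agree on every well-formed header and on short malformed ones; the difference only shows up as the crafted line grows, which is why a correctness test suite will not catch this class of bug and a fuzz or timing check against user-supplied manifests is needed.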
CVE-2024-11668 – Insufficient Session Expiration in GitLab
https://notcve.org/view.php?id=CVE-2024-11668
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results. • https://gitlab.com/gitlab-org/gitlab/-/issues/456922 • CWE-613: Insufficient Session Expiration
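The failure mode behind CWE-613 on a streaming endpoint is that the session is validated when the connection is opened and never again, so a connection that outlives the session keeps delivering results. The example below is added here to show that pattern beside the fix (re-validate before every chunk and end the stream when the session has expired or been revoked); it is not GitLab's code. The session store, token, clock and result chunks are all simulated and constructed.

```python
"""CWE-613 in a streaming endpoint: validating the session only when the
connection opens, versus re-validating before each chunk. Added example with a
simulated clock and an in-memory session store; not GitLab's implementation."""
from dataclasses import dataclass
from typing import Dict, List, Optional


class FakeClock:
    """Deterministic clock so the scenarios below are reproducible."""

    def __init__(self) -> None:
        self._t = 0.0

    def now(self) -> float:
        return self._t

    def advance(self, seconds: float) -> None:
        self._t += seconds


@dataclass
class Session:
    user: str
    expires_at: float
    revoked: bool = False


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, token: str, user: str, ttl: float, now: float) -> None:
        self._sessions[token] = Session(user, now + ttl)

    def revoke(self, token: str) -> None:
        if token in self._sessions:
            self._sessions[token].revoked = True

    def is_valid(self, token: str, now: float) -> bool:
        s = self._sessions.get(token)
        return s is not None and not s.revoked and now < s.expires_at


def stream_unchecked(store: SessionStore, token: str, chunks, now):
    # Weak: the session is checked once; the connection then outlives it.
    if not store.is_valid(token, now()):
        raise PermissionError("not authenticated")
    for chunk in chunks:
        yield chunk


def stream_rechecked(store: SessionStore, token: str, chunks, now):
    # Hardened: re-validate before every chunk; stop as soon as the session dies.
    if not store.is_valid(token, now()):
        raise PermissionError("not authenticated")
    for chunk in chunks:
        if not store.is_valid(token, now()):
            return
        yield chunk


def run_scenario(stream_fn, ttl: float = 25.0, chunk_seconds: float = 10.0,
                 revoke_after: Optional[int] = None) -> List[str]:
    """Stream five results, advancing the clock after each chunk and optionally
    revoking the token once `revoke_after` chunks have been delivered.
    Returns the chunks the client actually received."""
    clock = FakeClock()
    store = SessionStore()
    token = "tok-constructed"  # constructed value, not a real token
    store.create(token, "alice", ttl, clock.now())
    chunks = [f"result-{i}" for i in range(5)]
    delivered: List[str] = []
    for i, chunk in enumerate(stream_fn(store, token, chunks, clock.now)):
        delivered.append(chunk)
        clock.advance(chunk_seconds)
        if revoke_after is not None and i + 1 == revoke_after:
            store.revoke(token)
    return delivered


if __name__ == "__main__":
    # Session TTL 25s, one chunk every 10s: the unchecked stream runs to the
    # end, the rechecked one stops after the third chunk.
    print("expiry, unchecked: ", run_scenario(stream_unchecked))
    print("expiry, rechecked: ", run_scenario(stream_rechecked))
    # Token revoked after two chunks (for example on logout): same contrast.
    print("revoked, unchecked:", run_scenario(stream_unchecked, ttl=1e9, revoke_after=2))
    print("revoked, rechecked:", run_scenario(stream_rechecked, ttl=1e9, revoke_after=2))
```

Re-checking on every chunk is the simplest correct rule; if the lookup is expensive, checking on a fixed interval bounds the window of exposure to that interval rather than to the lifetime of the connection.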
CVE-2024-9633 – Incorrect Ownership Assignment in GitLab
https://notcve.org/view.php?id=CVE-2024-9633
An issue has been discovered in GitLab CE/EE. The entry gives two affected-version ranges: all versions starting from 16.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2; and all versions starting from 16.3 before 17.4.2, 17.5 before 17.5.4, and 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks. • https://gitlab.com/gitlab-org/gitlab/-/issues/498257 https://hackerone.com/reports/2759470 • CWE-708: Incorrect Ownership Assignment
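The underlying problem is two identifier spaces (group paths and unique Pages domain labels) that both map onto one hostname space, with the collision checked in only one direction. As an added example, not GitLab's code, the registry below reserves every label that already resolves to a Pages hostname regardless of who claimed it, compares labels case-insensitively because hostnames are, and rejects a claim from either side that would shadow the other. The host suffix, label rules and names are assumptions.

```python
"""Collision between group paths and unique Pages domain labels that share one
hostname space. Added example; registry, suffix and rules are assumptions,
not GitLab's implementation."""
import re
from typing import Dict, Tuple

PAGES_HOST_SUFFIX = "pages.example.test"  # assumed Pages host, constructed
# Assumed: a claimed name must be a single valid DNS label.
_DNS_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_label(name: str) -> str:
    # Hostnames are case-insensitive, so every comparison is done lower-cased.
    return name.strip().lower()


class PagesNamespaceRegistry:
    """Tracks every label that already resolves to <label>.<suffix>, whoever
    claimed it, so a new group cannot shadow an existing unique domain and a
    new unique domain cannot shadow an existing group."""

    def __init__(self) -> None:
        # label -> (kind, owner) where kind is "group" or "unique-domain"
        self._owners: Dict[str, Tuple[str, str]] = {}

    def hostname(self, label: str) -> str:
        return f"{normalize_label(label)}.{PAGES_HOST_SUFFIX}"

    def _claim(self, kind: str, name: str, owner: str) -> Tuple[bool, str]:
        label = normalize_label(name)
        if not _DNS_LABEL.match(label):
            return False, f"'{name}' is not a valid hostname label"
        taken = self._owners.get(label)
        if taken is not None:
            return False, f"{self.hostname(label)} already belongs to {taken[0]} {taken[1]}"
        self._owners[label] = (kind, owner)
        return True, self.hostname(label)

    def register_unique_domain(self, label: str, project: str) -> Tuple[bool, str]:
        return self._claim("unique-domain", label, project)

    def create_group(self, path: str) -> Tuple[bool, str]:
        return self._claim("group", path, path)


if __name__ == "__main__":
    reg = PagesNamespaceRegistry()
    # Constructed scenario: a project already owns a unique Pages domain ...
    print(reg.register_unique_domain("project-1a2b3c", "team/site"))
    # ... so a group whose path would resolve to the same host is refused,
    # in any letter case.
    print(reg.create_group("project-1a2b3c"))
    print(reg.create_group("Project-1A2B3C"))
    # The check also holds in the other direction.
    print(reg.create_group("my-team"))
    print(reg.register_unique_domain("My-Team", "other/site"))
    # A path that is legal elsewhere but not a hostname label is refused too.
    print(reg.create_group("bad_name"))
```

The single shared table is the point: two separate uniqueness checks, one per table, are what leave the gap, because each side only knows about its own entries.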