CVE-2024-2818
Allocation of Resources Without Limits or Throttling in GitLab
Public Exploits: 0
Exploited in Wild: -
Descriptions
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, and all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of GitLab. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of label descriptions. By sending a crafted request, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
SSVC
- Decision:Track
Timeline
- 2024-03-22 CVE Reserved
- 2024-03-28 CVE Published
- 2024-04-03 EPSS Updated
- 2024-10-03 CVE Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
- First Exploit: no date recorded
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
References (0)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
GitLab | GitLab | < 16.8.5 | Affected
GitLab | GitLab | >= 16.9.0 < 16.9.3 | Affected
GitLab | GitLab | >= 16.10.0 < 16.10.1 | Affected