Unrated severityNVD Advisory· Published Dec 12, 2024· Updated Dec 12, 2024

Inefficient Algorithmic Complexity in GitLab

CVE-2024-8233

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

Affected products

GitLab Inc./GitLabv52 versions
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 9.4
- (no CPE)range: >=9.4, <17.4.6, >=17.5, <17.5.4, >=17.6, <17.6.2
osv-coords8 versions
pkg:apk/chainguard/gitlab-base-fips-17.6 pkg:apk/chainguard/gitlab-cng-fips-17.6 pkg:apk/chainguard/gitlab-container-registry-fips-17.6 pkg:apk/chainguard/gitlab-elasticsearch-indexer-fips-17.6 pkg:apk/chainguard/gitlab-logger-fips-17.6 pkg:apk/chainguard/gitlab-shell-fips-17.6 pkg:apk/chainguard/gitlab-toolbox-fips-17.6 pkg:bitnami/gitlab
< 17.6.5-r0+ 7 more
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: >= 9.4.0, < 17.4.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hackerone.com/reports/2650086mitretechnical-descriptionexploitpermissions-required
gitlab.com/gitlab-org/gitlab/-/issues/480867mitreissue-trackingpermissions-required

News mentions

GitLab Patch Release: 17.6.2, 17.5.4, 17.4.6
GitLab Security Releases · Dec 11, 2024

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000