CVE-2024-2874 - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/451911
https://hackerone.com/reports/2426166

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2024-05-23T07:02:35.610Z

Updated: 2024-06-04T17:30:47.399Z

Reserved: 2024-03-25T20:30:39.244Z

Link: CVE-2024-2874

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-23T07:15:08.463

Modified: 2024-05-24T01:15:30.977

Link: CVE-2024-2874

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2874", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-03-25T20:30:39.244Z", "datePublished": "2024-05-23T07:02:35.610Z", "dateUpdated": "2024-06-04T17:30:47.399Z"}, "containers": {"cna": {"title": "Uncontrolled Resource Consumption in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "versions": [{"version": "0", "status": "affected", "lessThan": "16.10.6", "versionType": "semver"}, {"version": "16.11", "status": "affected", "lessThan": "16.11.3", "versionType": "semver"}, {"version": "17.0", "status": "affected", "lessThan": "17.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "cweId": "CWE-400", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451911", "name": "GitLab Issue #451911", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2426166", "name": "HackerOne Bug Bounty Report #2426166", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.10.6, 16.11.3, 17.0.1 or above."}], "credits": [{"lang": "en", "value": "Thanks [ac7n0w](https://hackerone.com/ac7n0w) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-05-23T07:02:35.610Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2874", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T16:32:54.315166Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:30:47.399Z"}}]}}