CVE-2024-12379

Published Feb 12, 2025

Last updated 16 days ago

CVSS medium 6.5

Overview

Description: A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.
Source: cve@gitlab.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

cve@gitlab.com: CWE-770

Hype score: Not currently trending

New post from https://t.co/uXvPWJy6tj (CVE-2024-12379 | GitLab Community Edition/Enterprise Edition up to 17.6.4/17.7.3/17.8.1 Personal Access Token scopes allocation of resources (Issue 508559)) has been published on https://t.co/73Qrt3MgXQ
@WolfgangSesin
12 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References