CVE-2024-5423

Published Aug 8, 2024

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline.
Source: cve@gitlab.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
cve@gitlab.com: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D52C923A-0C23-4020-A383-EBEB936E0CD0",
            "versionEndExcluding": "17.0.6",
            "versionStartIncluding": "1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73844CD0-FDE4-471B-8BE3-835BC50ECC97",
            "versionEndExcluding": "17.0.6",
            "versionStartIncluding": "1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CA14692-9997-4A11-8B3D-29199A3498D4",
            "versionEndExcluding": "17.1.4",
            "versionStartIncluding": "17.1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39754D78-BBE0-41D9-B2AB-5402B32C8ECF",
            "versionEndExcluding": "17.1.4",
            "versionStartIncluding": "17.1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "153C136B-FF14-43EC-AE67-68273DF7D9ED",
            "versionEndExcluding": "17.2.2",
            "versionStartIncluding": "17.2.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BE7EFA9-D9B4-4E7E-81B2-597D3DC5756E",
            "versionEndExcluding": "17.2.2",
            "versionStartIncluding": "17.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References