- Description
- An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- cve@gitlab.com
- CWE-770
- Hype score
- Not currently trending
Gitlab fixes CVE-2024-8312 and CVE-2024-6826 #Gitlab #CVE-2024-8312 #CVE-2024-6826 https://t.co/rubXHKvMIo
@pravin_karthik
25 Oct 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitLabで高深刻度のクロスサイトスクリプティング脆弱性が修正。CVE-2024-8312はCVSSスコア8.7で、diff表示のグローバル検索部分が脆弱。DoS脆弱性のCVE-2024-6826も修正。 https://t.co/5vQkrQy7rM
@__kokumoto
24 Oct 2024
776 Impressions
3 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DAE658B-EAB6-42B9-990F-A9FF15696831",
"versionEndExcluding": "17.3.6",
"versionStartIncluding": "11.2.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB2E46F3-3C6D-4498-B185-6F47A3299044",
"versionEndExcluding": "17.3.6",
"versionStartIncluding": "11.2.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D8C07CE-4771-4620-96B3-17EA81B6AAF4",
"versionEndExcluding": "17.4.3",
"versionStartIncluding": "17.4.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4373294-4C6B-4299-88D3-D3568A285A56",
"versionEndExcluding": "17.4.3",
"versionStartIncluding": "17.4.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97618D0B-B13A-4111-A78E-3BCB4F023382"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "603F1273-E30C-4EBB-AFEA-6713D273C4F3"
}
],
"operator": "OR"
}
]
}
]