CVE-2024-7610

Published Aug 8, 2024

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.
Source: cve@gitlab.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
cve@gitlab.com: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "684A0BB7-D809-4BD0-BEC2-4D9F25094978",
            "versionEndExcluding": "17.0.6",
            "versionStartIncluding": "15.9.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6E0DBD3-010A-405C-9EFB-FB98058CA5A7",
            "versionEndExcluding": "17.0.6",
            "versionStartIncluding": "15.9.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CA14692-9997-4A11-8B3D-29199A3498D4",
            "versionEndExcluding": "17.1.4",
            "versionStartIncluding": "17.1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39754D78-BBE0-41D9-B2AB-5402B32C8ECF",
            "versionEndExcluding": "17.1.4",
            "versionStartIncluding": "17.1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "153C136B-FF14-43EC-AE67-68273DF7D9ED",
            "versionEndExcluding": "17.2.2",
            "versionStartIncluding": "17.2.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BE7EFA9-D9B4-4E7E-81B2-597D3DC5756E",
            "versionEndExcluding": "17.2.2",
            "versionStartIncluding": "17.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References