CVE-2024-1066 | THREATINT

Description

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`

PUBLISHED Reserved 2024-01-30 | Published 2024-02-07 | Updated 2026-05-11 | Assigner GitLab

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status

unaffected

13.3.3 (semver) before 16.6.7

affected

16.7 (semver) before 16.7.5

affected

16.8 (semver) before 16.8.2

affected

Credits

This vulnerability has been discovered internally by GitLab team member Brian Williams finder

References

gitlab.com/gitlab-org/gitlab/-/issues/420341 (GitLab Issue #420341) issue-tracking

cve.org (CVE-2024-1066)

nvd.nist.gov (CVE-2024-1066)

Download JSON

help @ threatint.eu