Home

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file.

PUBLISHED Reserved 2024-02-23 | Published 2024-06-26 | Updated 2024-08-29 | Assigner GitLab




MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400: Uncontrolled Resource Consumption

Product status

Default status
unaffected

12.0 (semver) before 16.11.5
affected

17.0 (semver) before 17.0.3
affected

17.1 (semver) before 17.1.1
affected

Credits

Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program finder

References

gitlab.com/gitlab-org/gitlab/-/issues/442852 (GitLab Issue #442852) issue-tracking permissions-required

hackerone.com/reports/2370737 (HackerOne Bug Bounty Report #2370737) technical-description exploit permissions-required

cve.org (CVE-2024-1816)

nvd.nist.gov (CVE-2024-1816)

Download JSON