CVE-2024-2829 | THREATINT

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.

PUBLISHED Reserved 2024-03-22 | Published 2024-04-25 | Updated 2025-11-19 | Assigner GitLab

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-1333: Inefficient Regular Expression Complexity

Product status

Default status

unaffected

12.5 (semver) before 16.9.6

affected

16.10 (semver) before 16.10.4

affected

16.11 (semver) before 16.11.1

affected

Credits

Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program finder

References

gitlab.com/gitlab-org/gitlab/-/issues/451456 (GitLab Issue #451456) issue-tracking permissions-required

hackerone.com/reports/2416728 (HackerOne Bug Bounty Report #2416728) technical-description exploit

gitlab.com/gitlab-org/gitlab/-/issues/451456 (GitLab Issue #451456) issue-tracking permissions-required

hackerone.com/reports/2416728 (HackerOne Bug Bounty Report #2416728) technical-description exploit

cve.org (CVE-2024-2829)

nvd.nist.gov (CVE-2024-2829)

Download JSON