BIT-gitlab-2024-12379

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2024-12379.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-gitlab-2024-12379

Aliases

CVE-2024-12379

Published

2025-02-17T19:27:19.016Z

Modified

2025-05-20T10:02:07.006Z

Summary

Allocation of Resources Without Limits or Throttling in GitLab

Details

A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.

Database specific

{
    "cpes": [
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / gitlab

Package

Name: gitlab
Purl: pkg:bitnami/gitlab

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

14.1.0

Fixed

17.8.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2024-12379.json"