Back to search
CVE-2024-8177
Published: Nov 26, 2024
Modified: Nov 26, 2024
PUBLISHED
CVSS v3.1
5.3
MEDIUM
Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
| Vendor | Product | Versions |
|---|---|---|
GitLab | GitLab | affected 15.6 - < 17.4.5affected 17.5 - < 17.5.3affected 17.6 - < 17.6.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
References
GitLab Issue #480706
issue-tracking
permissions-required
HackerOne Bug Bounty Report #2637996
technical-description
exploit
permissions-required
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now