Lucene search

Redhat.comRH:CVE-2024-2829

HistoryApr 25, 2024 - 1:09 p.m.

CVE-2024-2829

2024-04-2513:09:25

redhat.com

access.redhat.com

gitlab

filefinder

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A flaw was found in GitLab CE/EE. This issue contains a crafted wildcard filter in FileFinder that may lead to a denial of service and affects all versions starting from 12.5 through 16.9.6, 16.10 through 16.10.4, and 16.11 through 16.11.1.

References

bugzilla.redhat.com/show_bug.cgi?id=2277137

gitlab.com/gitlab-org/gitlab/-/issues/451456

hackerone.com/reports/2416728

nvd.nist.gov/vuln/detail/CVE-2024-2829

www.cve.org/CVERecord?id=CVE-2024-2829

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for RH:CVE-2024-2829