Lucene search

Ubuntu.comUB:CVE-2024-1493

HistoryJun 27, 2024 - 12:00 a.m.

CVE-2024-1493

2024-06-2700:00:00

ubuntu.com

gitlab

dependency files

regular expression

dos attack

unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

JSON

An issue was discovered in GitLab CE/EE affecting all versions starting
from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting
from 17.1 prior to 17.1.1, with the processing logic for generating link in
dependency files can lead to a regular expression DoS attack on the server

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/gitlab/-/issues/441806

hackerone.com/reports/2370084

launchpad.net/bugs/cve/CVE-2024-1493

nvd.nist.gov/vuln/detail/CVE-2024-1493

security-tracker.debian.org/tracker/CVE-2024-1493

www.cve.org/CVERecord?id=CVE-2024-1493

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

JSON

Related for UB:CVE-2024-1493