CVE-2024-1066
published 2024-02-07CVE-2024-1066: An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an…
PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
0.63%
45.7th percentile
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.6.7-1 (sid) | gitlab 16.6.7-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 13.3.0 < 16.6.7 | 16.6.7 |
| gitlab | gitlab | >= 13.3.3 < 16.6.7 | 16.6.7 |
| gitlab | gitlab | >= 16.7 < 16.7.5 | 16.7.5 |
| gitlab | gitlab | >= 16.7.0 < 16.7.5 | 16.7.5 |
| gitlab | gitlab | >= 16.8 < 16.8.2 | 16.8.2 |
| gitlab | gitlab | >= 16.8.0 < 16.8.2 | 16.8.2 |
| gitlab | gitlab_ee | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat4.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: nbd: always initialize struct msghdr completely
vendor_redhat·2024-03-18·CVSS 4.4
CVE-2024-26638 [MEDIUM] CWE-456 kernel: nbd: always initialize struct msghdr completely
kernel: nbd: always initialize struct msghdr completely
In the Linux kernel, the following vulnerability has been resolved:
nbd: always initialize struct msghdr completely
syzbot complains that msg->msg_get_inq value can be uninitialized [1]
struct msghdr got many new fields recently, we should always make
sure their values is zero by default.
[1]
BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879
sock_recvmsg_nosec net/socket.c:1044 [inline]
sock_recvmsg+0x12b/0x1e0 net/socket.c:1066
__sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538
nbd_read_reply drivers/block/nbd.c:732 [inline]
recv_work+0x262/0x3100 drivers/block/nbd.c:863
process_one_work kernel/workqueue.c:2627 [inline]
pro
GitLab
CVE-2024-1066: An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which all
vendor_gitlab·2024-02-07·CVSS 6.5
CVE-2024-1066 [MEDIUM] CWE-770 CVE-2024-1066: An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which all
CVE-2024-1066: An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
Debian
CVE-2024-1066: gitlab - An issue has been discovered in GitLab EE affecting all versions from 13.3.0 pri...
vendor_debian·2024·CVSS 6.5
CVE-2024-1066 [MEDIUM] CVE-2024-1066: gitlab - An issue has been discovered in GitLab EE affecting all versions from 13.3.0 pri...
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
Scope: local
sid: resolved (fixed in 16.6.7-1)
GHSA
GHSA-89x8-fvq4-x5w3: An issue has been discovered in GitLab EE affecting all versions from 13
ghsa_unreviewed·2024-02-08
CVE-2024-1066 [MEDIUM] CWE-400 GHSA-89x8-fvq4-x5w3: An issue has been discovered in GitLab EE affecting all versions from 13
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
OSV
CVE-2024-1066: An issue has been discovered in GitLab EE affecting all versions from 13
osv·2024-02-07·CVSS 6.5
CVE-2024-1066 [MEDIUM] CVE-2024-1066: An issue has been discovered in GitLab EE affecting all versions from 13
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-07
Published