CVE-2024-5469 — Improper Check for Unusual or Exceptional Conditions in Gitlab

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 69.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJun 14

Description

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDgitlab/gitlab16.10.0 — 16.10.6+1

▶debiandebian/gitlab< gitlab 17.3.5-2 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16↗2024-06-14

▶

GHSA

GHSA-4g7q-7v9w-3x8m: DoS in KAS in GitLab CE/EE affecting all versions from 16↗2024-06-14

▶

📋Vendor Advisories

GitLab

CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via craft↗2024-06-14

▶

Debian

CVE-2024-5469: gitlab - DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 ...↗2024

▶