CVE-2024-5469
published 2024-06-14
CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC…
Priority P4 · 20 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS
0.43%
34.2th percentile
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-2 (sid) | gitlab 17.3.5-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.10.0 < 16.10.6 | 16.10.6 |
| gitlab | gitlab | >= 16.11.0 < 16.11.3 | 16.11.3 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
osv · 4.3 · MEDIUM
vendor_debian · 3.1 · LOW
GitLab
CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via craft
vendor_gitlab·2024-06-14·CVSS 3.1
CVE-2024-5469 [LOW] CWE-754 CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via craft
CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
Debian
CVE-2024-5469: gitlab - DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 ...
vendor_debian·2024·CVSS 3.1
CVE-2024-5469 [LOW] CVE-2024-5469: gitlab - DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 ...
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
Scope: local
sid: resolved (fixed in 17.3.5-2)
OSV
CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16
osv·2024-06-14·CVSS 4.3
CVE-2024-5469 [MEDIUM] CVE-2024-5469: DoS in KAS in GitLab CE/EE affecting all versions from 16
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
GHSA
GHSA-4g7q-7v9w-3x8m: DoS in KAS in GitLab CE/EE affecting all versions from 16
ghsa_unreviewed·2024-06-14
CVE-2024-5469 [LOW] CWE-400 GHSA-4g7q-7v9w-3x8m: DoS in KAS in GitLab CE/EE affecting all versions from 16
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-14
Published