CVE-2024-6324 — Vulnetix

CVE-2024-6324 PUBLISHED

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics.

EPSS 0.15% · 35.1th percentile

Risk Scores

EPSS Score

0.15%

35.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	15.7.0, 17.6.0, 17.7.0
Bitnami	gitlab	15.7.0, 17.6.0, 17.7.0

Timeline

Jan 21, 1970 Security Advisory
Jan 9, 2025 CVE Published
Jan 9, 2025 CVE Updated
Jan 10, 2025 EPSS Score
Jan 26, 2025 EPSS Score
Feb 10, 2025 EPSS Score
Feb 26, 2025 EPSS Score
Mar 14, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 5, 2025 Coalition ESS Score
Apr 14, 2025 EPSS Score
Apr 30, 2025 EPSS Score

References

https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#cyclic-reference-of-epics-leads-resource-exhaustion url
https://gitlab.com/gitlab-org/gitlab/-/issues/468914 url
https://hackerone.com/reports/2553716 url
https://nvd.nist.gov/vuln/detail/CVE-2024-6324 url

Open in Interactive Console →