CVE-2024-1066

Summary

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL vulnerabilitiesCountByDay

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab13.3.3 < 16.6.7affected
GitLabGitLab16.7 < 16.7.5affected
GitLabGitLab16.8 < 16.8.2affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References