CVE-2024-12379

Summary

A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab14.1 < 17.6.5affected
GitLabGitLab17.7 < 17.7.4affected
GitLabGitLab17.8 < 17.8.2affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References