CVE-2024-1066

MEDIUM

GitLab 13.3.0-16.6.6, 16.7.0-16.7.4, 16.8.0-16.8.1 - Resource Exhaustion via GraphQL vulnerabilitiesCountByDay

Title source: llm
STIX 2.1

Description

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`

References (1)

Core 1
Core References
Issue Tracking, Vendor Advisory issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/420341

Scores

CVSS v3 6.5
EPSS 0.0015
EPSS Percentile 34.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (4)
gitlab/gitlab 13.3.0 - 16.6.7
GitLab/GitLab 13.3.3 - 16.6.7
GitLab/GitLab 16.7 - 16.7.5
GitLab/GitLab 16.8 - 16.8.2
Published Feb 07, 2024
Tracked Since Feb 18, 2026