CVE-2024-1066

MEDIUM

Gitlab < 16.6.7 - Resource Allocation Without Limits

Title source: rule

Description

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`

References (1)

[Issue Tracking, Vendor Advisory] https://gitlab.com/gitlab-org/gitlab/-/issues/420341

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-770

Status published

Affected Products (1)

gitlab/gitlab < 16.6.7

Timeline

Published Feb 07, 2024

Tracked Since Feb 18, 2026