CVE Vulnerabilities

CVE-2024-8177

Inefficient Algorithmic Complexity

Published: Nov 26, 2024 | Modified: Dec 13, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

Weakness

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 15.6.0 (including) 17.4.5 (excluding)
Gitlab Gitlab 17.5.0 (including) 17.5.3 (excluding)
Gitlab Gitlab 17.6.0 (including) 17.6.0 (including)
Gitlab Ubuntu esm-apps/xenial *

References