ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
History

Fri, 30 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Fri, 23 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-1333
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Vendors & Products Gitlab
Gitlab gitlab

Thu, 08 Aug 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 10:45:00 +0000

Type Values Removed Values Added
Description ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
Title Uncontrolled Resource Consumption in GitLab
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-08-08T10:31:37.860Z

Updated: 2024-08-30T13:24:42.805Z

Reserved: 2024-03-21T19:30:42.206Z

Link: CVE-2024-2800

cve-icon Vulnrichment

Updated: 2024-08-08T12:52:58.667Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-08T11:15:12.210

Modified: 2024-09-18T12:42:50.093

Link: CVE-2024-2800

cve-icon Redhat

No data.