Severity
Medium
Analysis Summary
CVE-2024-1347 CVSS:4.3
GitLab Community Edition (CE) and Enterprise Edition (EE) could allow a remote authenticated attacker to bypass security restrictions. By using a crafted email address, an attacker could exploit this vulnerability to bypass domain based restrictions on an instance or a group.
CVE-2024-2829 CVSS:7.5
GitLab Community Edition (CE) and Enterprise Edition (EE) are vulnerable to a denial of service, caused by unauthenticated ReDoS in FileFinder when using wildcard filters in project file search. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-2434 CVSS:8.5
GitLab Community Edition (CE) and Enterprise Edition (EE) are vulnerable to a denial of service, caused by a path traversal flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-1347
- CVE-2024-2829
- CVE-2024-2434
Affected Vendors
Affected Products
- GitLab Community Edition 16.11.0
- GitLab Community Edition 16.10.3
- GitLab Community Edition 16.9.5
- GitLab Enterprise Edition 16.9.5
- GitLab Enterprise Edition 16.10.3
- GitLab Enterprise Edition 16.11.0
Remediation
Refer to GitLab Website for patch, upgrade, or suggested workaround information.