CVE-2024-1066

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2, which allows an attacker to cause resource exhaustion using GraphQL `vulnerabilitiesCountByDay`.

More information : https://gitlab.com/gitlab-org/gitlab/-/issues/420341

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : NONE
Integrity impact : NONE
Base score : 6.5
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 3.6