Overview

GitLab has released patch versions that address two vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). Administrators running an affected version are advised to update to the patched release for their minor version line listed under Vulnerability Patches below.


Affected Products

CVE-2024-2800

GitLab EE/CE versions: 11.3 (inclusive) ~ 17.0.6 (exclusive)
GitLab EE/CE versions: 17.1 (inclusive) ~ 17.1.4 (exclusive)
GitLab EE/CE versions: 17.2 (inclusive) ~ 17.2.2 (exclusive)

CVE-2024-6329

GitLab EE/CE versions: 8.16 (inclusive) ~ 17.0.6 (exclusive)
GitLab EE/CE versions: 17.1 (inclusive) ~ 17.1.4 (exclusive)
GitLab EE/CE versions: 17.2 (inclusive) ~ 17.2.2 (exclusive)


Resolved Vulnerabilities

Denial of service in GitLab EE/CE caused by regular expression backtracking (ReDoS) (CVE-2024-2800)
Vulnerability in GitLab EE/CE that prevents the web interface from rendering diffs correctly when the file path is encoded (CVE-2024-6329)


Vulnerability Patches

The following patched versions have been released for the affected products. Follow the upgrade instructions on the referenced sites to move to the patched release for your minor version line; both CVEs are fixed in each of the versions below.

CVE-2024-2800, CVE-2024-6329

GitLab EE/CE version: 17.0.6
GitLab EE/CE version: 17.1.4
GitLab EE/CE version: 17.2.2
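As an added check that is not part of the ASEC advisory or of GitLab's own tooling, the script below takes a GitLab version string and reports which of the two CVEs above apply to it and which patched release on the same minor line resolves them, using the ranges transcribed from the Affected Products and Vulnerability Patches sections. The version string is supplied by the operator (for example from the Admin area of the web UI, or from `gitlab-rake gitlab:env:info` on an Omnibus install); the function names, the table layout and the sample inputs are this example's own.

```python
"""Check a GitLab CE/EE version string against the affected ranges for
CVE-2024-2800 and CVE-2024-6329.

Example code added to this advisory; it is not GitLab's or ASEC's code.
"""
import re
import sys

# Affected ranges as (first affected, inclusive; first fixed, exclusive),
# transcribed from the advisory's Affected Products section.
AFFECTED = {
    "CVE-2024-2800": [("11.3", "17.0.6"), ("17.1", "17.1.4"), ("17.2", "17.2.2")],
    "CVE-2024-6329": [("8.16", "17.0.6"), ("17.1", "17.1.4"), ("17.2", "17.2.2")],
}

# Patched releases from the advisory's Vulnerability Patches section.
FIXED_RELEASES = ("17.2.2", "17.1.4", "17.0.6")

# Accepts "17.1.3", "17.1.3-ee", "v17.2.1", "17.0"; edition suffixes ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) as integers so tuples compare correctly
    (string comparison would rank '17.10' below '17.2')."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def affected_cves(version_text):
    """List the CVE IDs whose affected ranges contain the given version."""
    v = parse_version(version_text)
    hits = []
    for cve, ranges in AFFECTED.items():
        for low, high in ranges:
            if parse_version(low) <= v < parse_version(high):
                hits.append(cve)
                break
    return hits


def recommended_fix(version_text):
    """Return the patched release on the same major.minor line, or None when
    the version is not affected. Versions older than 17.0 have no patched
    release on their own line, so the oldest patched release, 17.0.6, is
    returned; the actual upgrade path may need intermediate stops per
    GitLab's upgrade documentation."""
    v = parse_version(version_text)
    if not affected_cves(version_text):
        return None
    for fixed in FIXED_RELEASES:
        if parse_version(fixed)[:2] == v[:2]:
            return fixed
    return "17.0.6"


def report(version_text):
    """Human-readable summary for one version string."""
    cves = affected_cves(version_text)
    if not cves:
        return f"{version_text}: not affected by CVE-2024-2800 / CVE-2024-6329"
    return f"{version_text}: affected by {', '.join(cves)}; upgrade to {recommended_fix(version_text)}"


if __name__ == "__main__":
    # Constructed sample inputs when no argument is given.
    for arg in sys.argv[1:] or ["17.1.3-ee", "17.2.2", "16.11.5", "11.2.0"]:
        print(report(arg))
```

Run it as `python3 check_gitlab_version.py 17.1.3-ee` (the file name is arbitrary). A version on the 17.0 line that is at or above 17.0.6, on the 17.1 line at or above 17.1.4, or on the 17.2 line at or above 17.2.2 is reported as not affected; anything older than 17.0.6 is reported as affected by CVE-2024-6329 from 8.16 upward and by CVE-2024-2800 from 11.3 upward, matching the ranges in the advisory.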


References

[1] NVD, CVE-2024-2800 Detail: https://nvd.nist.gov/vuln/detail/CVE-2024-2800
[2] GitLab Patch Release: 17.2.2, 17.1.4, 17.0.6: https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/
[3] NVD, CVE-2024-6329 Detail: https://nvd.nist.gov/vuln/detail/CVE-2024-6329

Article Link: GitLab Product Security Update Advisory – ASEC
