ByteOS Network

NVD Vulnerability Details :

CVE-2024-6324

Analyzed

Source-cve@gitlab.com

Published At-09 Jan, 2025 | 06:15

Updated At-05 Aug, 2025 | 15:21

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CPE Matches

GitLab Inc.

>>gitlab>>Versions from 15.7.0(inclusive) to 17.5.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

GitLab Inc.

>>gitlab>>Versions from 15.7.0(inclusive) to 17.5.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 17.6.0(inclusive) to 17.6.3(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

GitLab Inc.

>>gitlab>>Versions from 17.6.0(inclusive) to 17.6.3(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 17.7.0(inclusive) to 17.7.1(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

GitLab Inc.

>>gitlab>>Versions from 17.7.0(inclusive) to 17.7.1(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-407	Primary	cve@gitlab.com

References

Hyperlink	Source	Resource
https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#cyclic-reference-of-epics-leads-resource-exhaustion	cve@gitlab.com	Release Notes Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/468914	cve@gitlab.com	Exploit Issue Tracking
https://hackerone.com/reports/2553716	cve@gitlab.com	Permissions Required

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History