CVE-2024-4025: 
GitLab vulnerability analysis and mitigation

A Denial of Service (DoS) vulnerability (CVE-2024-4025) was discovered in GitLab CE/EE affecting all versions from 7.10 prior to 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. The vulnerability was reported through GitLab's HackerOne bug bounty program by user joaxcar and has been assigned a CVSS v3.1 score of 6.5 (Medium) (GitLab Release, NVD).

The vulnerability is classified as a Regular Expression Denial of Service (ReDoS) vulnerability (CWE-1333). It allows an attacker to cause a denial of service condition using a crafted markdown page. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (GitLab Release).

The vulnerability can lead to a denial of service condition, potentially affecting the availability of the GitLab instance. When successfully exploited, an attacker could cause resource exhaustion through a specially crafted markdown page, impacting system performance or availability (GitLab Release).

GitLab has addressed this vulnerability in versions 16.11.5, 17.0.3, and 17.1.1. Users are strongly recommended to upgrade to these patched versions immediately. GitLab.com has already been updated to run the patched version (GitLab Release).