CVE-2024-4025: 
GitLab vulnerability analysis and mitigation

A Denial of Service (DoS) vulnerability (CVE-2024-4025) was discovered in GitLab CE/EE affecting all versions from 7.10 prior to 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. The vulnerability allows an attacker to cause a denial of service using a crafted markdown page (GitLab Release, NVD).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). The vulnerability is related to inefficient regular expression complexity (CWE-1333) in the markdown page processing functionality (NVD).

When exploited, this vulnerability can lead to a Denial of Service condition, potentially affecting the availability of the GitLab instance. The attack requires low complexity and low privileges to execute, but only affects the availability of the system without compromising confidentiality or integrity (GitLab Release).

The vulnerability has been fixed in GitLab versions 16.11.5, 17.0.3, and 17.1.1. Users are strongly recommended to upgrade to these or later versions immediately to mitigate the risk (GitLab Release).

The vulnerability was responsibly disclosed through GitLab's HackerOne bug bounty program by researcher joaxcar (GitLab Release).