CVE-2024-8041: 
GitLab vulnerability analysis and mitigation

A Denial of Service (DoS) vulnerability has been discovered in GitLab CE/EE, identified as CVE-2024-8041. The vulnerability affects all versions prior to 17.1.6, versions 17.2 prior to 17.2.4, and versions 17.3 prior to 17.3.1. The issue was discovered and reported through GitLab's HackerOne bug bounty program by researcher a92847865 (GitLab Release).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is related to the GitHub importer functionality in GitLab, where a maliciously crafted repository can trigger a denial of service condition. The attack requires network access and low privilege level, but no user interaction (NVD).

When successfully exploited, this vulnerability can cause a denial of service condition in the affected GitLab instance. The attack specifically targets the GitHub importer functionality, potentially disrupting service availability. The CVSS scoring indicates high impact on availability while maintaining no impact on confidentiality or integrity (GitLab Release).

GitLab has released patches to address this vulnerability in versions 17.1.6, 17.2.4, and 17.3.1. Organizations running affected versions are strongly recommended to upgrade to the patched versions immediately. GitLab.com has already been updated with the patched version (GitLab Release).