First published: Fri Jun 14 2024(Updated: )
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab | >=16.10.0<16.10.6 | |
GitLab | >=16.11.0<16.11.3 |
Upgrade to versions 16.10.6, 16.11.3 or above.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-5469 is a denial-of-service vulnerability that can allow an attacker to crash the Kubernetes Agent Server (KAS) in GitLab.
To fix CVE-2024-5469, upgrade GitLab to version 16.10.6 or later, or 16.11.3 or later.
CVE-2024-5469 affects all GitLab versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3.
CVE-2024-5469 involves a denial-of-service attack through crafted gRPC requests.
Yes, CVE-2024-5469 can be exploited remotely by sending specifically crafted gRPC requests to the affected GitLab servers.