CVE-2024-0199
7.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Summary
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GitLab | GitLab | 11.3 < 16.7.7 | affected |
| GitLab | GitLab | 16.8 < 16.8.4 | affected |
| GitLab | GitLab | 16.9 < 16.9.2 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://gitlab.com/gitlab-org/gitlab/-/issues/436977
- https://hackerone.com/reports/2295423
- https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/436977
- https://hackerone.com/reports/2295423
- https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.