CVE-2024-0410

Summary

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab15.1 < 16.7.6affected
GitLabGitLab16.8 < 16.8.3affected
GitLabGitLab16.9 < 16.9.1affected

Weaknesses

  • CWE-841: CWE-841: Improper Enforcement of Behavioral Workflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References