CVE-2024-0199
published 2024-03-07CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An…
PriorityP345high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EPSS
0.71%
48.7th percentile
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.8.4-1 (sid) | gitlab 16.8.4-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 11.3 < 16.7.7 | 16.7.7 |
| gitlab | gitlab | >= 16.8 < 16.8.4 | 16.8.4 |
| gitlab | gitlab | >= 16.8.0 < 16.8.4 | 16.8.4 |
| gitlab | gitlab | >= 16.9 < 16.9.2 | 16.9.2 |
| gitlab | gitlab | >= 16.9.0 < 16.9.2 | 16.9.2 |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv8.0HIGH
vendor_debian7.7HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GitLab
CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16
vendor_gitlab·2024-03-07·CVSS 7.7
CVE-2024-0199 [HIGH] CWE-863 CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16
CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
Debian
CVE-2024-0199: gitlab - An authorization bypass vulnerability was discovered in GitLab affecting version...
vendor_debian·2024·CVSS 7.7
CVE-2024-0199 [HIGH] CVE-2024-0199: gitlab - An authorization bypass vulnerability was discovered in GitLab affecting version...
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
Scope: local
sid: resolved (fixed in 16.8.4-1)
GHSA
GHSA-rhx5-h5p6-9g65: An authorization bypass vulnerability was discovered in GitLab affecting versions 11
ghsa_unreviewed·2024-03-07
CVE-2024-0199 [HIGH] CWE-284 GHSA-rhx5-h5p6-9g65: An authorization bypass vulnerability was discovered in GitLab affecting versions 11
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
OSV
CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 11
osv·2024-03-07·CVSS 8.0
CVE-2024-0199 [HIGH] CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 11
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
Suricata
ET EXPLOIT CVE-2017-0199 Common Obfus Stage 2 DL
suricata·2017-06-19·CVSS 7.8
CVE-2017-0199 [HIGH] ET EXPLOIT CVE-2017-0199 Common Obfus Stage 2 DL
ET EXPLOIT CVE-2017-0199 Common Obfus Stage 2 DL
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT CVE-2017-0199 Common Obfus Stage 2 DL"; flow:established,to_client; file.data; content:"|7b 5c 72 74|"; within:4; content:!"|66|"; within:1; content:"|5C 6F 62 6A 61 75 74 6C 69 6E 6B|"; nocase; distance:0; reference:md5,8168b2305289ecc778216405d1fd7984; reference:cve,2017-0199; classtype:trojan-activity; sid:2024413; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_06_19, cve CVE_2017_0199, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_03_14;)
Suricata
ET WEB_CLIENT Office UA FB SET
suricata·2017-04-19
CVE-2017-0199 ET WEB_CLIENT Office UA FB SET
ET WEB_CLIENT Office UA FB SET
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Office UA FB SET"; flow:established,to_server; flowbits:set,Office.UA; flowbits:noalert; http.user_agent; content:"Microsoft Office"; fast_pattern; startswith; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:cve,cve-2017-0199; classtype:trojan-activity; sid:2024225; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2017_04_19, deployment Perimeter, malware_family Exploit_Kit_RIG, performance_impact Low, signature_severity Major, tag Exploit_kit_RIG, updated_at 2024_04_20;)
Suricata
ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)
suricata·2017-04-11·CVSS 7.8
CVE-2017-0199 [HIGH] ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)
ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)"; flow:established,to_client; flowbits:isset,et.IE7.NoRef.NoCookie; http.content_type; bsize:15; content:"application/hta"; fast_pattern; nocase; classtype:trojan-activity; sid:2024197; rev:8; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_04_11, cve CVE_2017_0199, deployment Perimeter, performance_impact Low, signature_severity Major, tag CISA_KEV, updated_at 2024_03_27;)
Suricata
ET WEB_CLIENT HTA File containing Wscript.Shell Call - Potential CVE-2017-0199
suricata·2017-04-10·CVSS 7.8
CVE-2017-0199 [HIGH] ET WEB_CLIENT HTA File containing Wscript.Shell Call - Potential CVE-2017-0199
ET WEB_CLIENT HTA File containing Wscript.Shell Call - Potential CVE-2017-0199
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT HTA File containing Wscript.Shell Call - Potential CVE-2017-0199"; flow:established,to_client; flowbits:isset,et.http.hta; file.data; content:"Wscript.Shell"; nocase; reference:url,www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html; reference:url,securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/; classtype:attempted-user; sid:2024196; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_04_10, cve CVE_2017_0199, deployment Perimeter, performance_impact Low, signature_severity Major, tag CISA_KEV, updated_at 2024_04_0
Suricata
ET EXPLOIT Possible CVE-2017-0199 HTA Inbound
suricata·2017-04-10·CVSS 7.8
CVE-2017-0199 [HIGH] ET EXPLOIT Possible CVE-2017-0199 HTA Inbound
ET EXPLOIT Possible CVE-2017-0199 HTA Inbound
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible CVE-2017-0199 HTA Inbound"; flow:established,to_client; flowbits:isset,et.IE7.NoRef.NoCookie; http.content_type; bsize:15; content:"application/hta"; fast_pattern; file.data; content:"|7b 5c 72 74|"; distance:1; content:"|7b 5c|"; distance:0; content:"|7b 5c|"; distance:0; classtype:trojan-activity; sid:2024192; rev:6; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product MS_Office, attack_target Client_Endpoint, created_at 2017_04_10, cve CVE_2017_0199, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_03_27;)
No public exploits indexed.
No writeups or analysis indexed.
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/https://gitlab.com/gitlab-org/gitlab/-/issues/436977https://hackerone.com/reports/2295423https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/https://gitlab.com/gitlab-org/gitlab/-/issues/436977https://hackerone.com/reports/2295423
2024-03-07
Published