CVE-2024-0199Incorrect Authorization in Gitlab

CWE-863Incorrect AuthorizationCWE-284Improper Access Control6 documents6 sources
Severity
8.0HIGHNVD
EPSS
0.0%
top 99.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedMar 7

Description

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages4 packages

CVEListV5gitlab/gitlab16.816.8.4+1
NVDgitlab/gitlab11.316.7.7+2
debiandebian/gitlab< gitlab 16.8.4-1 (sid)
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-rhx5-h5p6-9g65: An authorization bypass vulnerability was discovered in GitLab affecting versions 112024-03-07
OSV
CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 112024-03-07

📋Vendor Advisories

2
GitLab
CVE-2024-0199: An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 162024-03-07
Debian
CVE-2024-0199: gitlab - An authorization bypass vulnerability was discovered in GitLab affecting version...2024