CVE-2024-0410
Published 2024-02-22
Priority P342 · high · 7.7 (CVSS 3.1)
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.46% (36.3th percentile)
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.8.3-1 (sid) | gitlab 16.8.3-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.1 < 16.7.6 | 16.7.6 |
| gitlab | gitlab | >= 15.1.0 < 16.7.6 | 16.7.6 |
| gitlab | gitlab | >= 16.8 < 16.8.3 | 16.8.3 |
| gitlab | gitlab | >= 16.8.0 < 16.8.3 | 16.8.3 |
| gitlab | gitlab | >= 16.9 < 16.9.1 | 16.9.1 |
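CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N |
| osv | — | 7.7 | HIGH | — |
| vendor_debian | — | 7.7 | HIGH | — |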
GHSA
GHSA-27r2-6rqh-xrg8: An authorization bypass vulnerability was discovered in GitLab affecting versions 15
ghsa_unreviewed·2024-02-22
CVE-2024-0410 [HIGH] CWE-284 GHSA-27r2-6rqh-xrg8: An authorization bypass vulnerability was discovered in GitLab affecting versions 15
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
OSV
CVE-2024-0410: An authorization bypass vulnerability was discovered in GitLab affecting versions 15
osv·2024-02-22·CVSS 7.7
CVE-2024-0410 [HIGH] CVE-2024-0410: An authorization bypass vulnerability was discovered in GitLab affecting versions 15
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
GitLab
CVE-2024-0410: An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1
vendor_gitlab·2024-02-22·CVSS 7.7
CVE-2024-0410 [HIGH] CWE-841 CVE-2024-0410: An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1
CVE-2024-0410: An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
Debian
CVE-2024-0410: gitlab - An authorization bypass vulnerability was discovered in GitLab affecting version...
vendor_debian·2024·CVSS 7.7
CVE-2024-0410 [HIGH] CVE-2024-0410: gitlab - An authorization bypass vulnerability was discovered in GitLab affecting version...
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
Scope: local
sid: resolved (fixed in 16.8.3-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-22
Published