CVE-2024-0410
An authorization bypass vulnerability was discovered in GitLab affecting all versions from 15.1 prior to 16.7.6, from 16.8 prior to 16.8.3, and from 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
More information : https://gitlab.com/gitlab-org/gitlab/-/issues/437988
Attack vector : NETWORK
Attack complexity : HIGH
Privileges required : LOW
User interaction : REQUIRED
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 7.7
Base severity : HIGH
Exploitability score : 1.3
Impact score : 5.8