NuytsTech Security

CVE-2024-0199

by ·

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.

More information : https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : REQUIRED
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 8
Base severity : HIGH
Exploitability score : 2.1
Impact score : 5.9

Tags: