Vulnerability Description
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 11.3, < 16.7.7 |
Related Weaknesses (CWE)
References
- https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-releRelease Notes
- https://gitlab.com/gitlab-org/gitlab/-/issues/436977ExploitIssue Tracking
- https://hackerone.com/reports/2295423Permissions Required
- https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-releRelease Notes
- https://gitlab.com/gitlab-org/gitlab/-/issues/436977ExploitIssue Tracking
- https://hackerone.com/reports/2295423Permissions Required
FAQ
What is CVE-2024-0199?
CVE-2024-0199 is a vulnerability with a CVSS score of 7.7 (HIGH). An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utili...
How severe is CVE-2024-0199?
CVE-2024-0199 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0199?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.