CVE-2024-0199 Incorrect Authorization in GitLab

🗓️ 07 Mar 2024 00:39:50Reported by GitLabType

Improper Access Control in GitLab affecting versions 11.3 to 16.9.

Reporter	Title	Published	Views	Family All 20
FreeBSD	Gitlab -- Vulnerabilities	6 Mar 202400:00	–	freebsd
Circl	CVE-2024-0199	7 Mar 202402:26	–	circl
CNNVD	GitLab Security Breach	7 Mar 202400:00	–	cnnvd
CVE	CVE-2024-0199	7 Mar 202400:39	–	cve
Debian CVE	CVE-2024-0199	7 Mar 202400:39	–	debiancve
EUVD	EUVD-2024-15998	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Vulnerabilities (b2caae55-dc38-11ee-96dc-001b217b3468)	8 Mar 202400:00	–	nessus
Tenable Nessus	GitLab 11.3 < 16.7.7 / 16.8 < 16.8.4 / 16.9 < 16.9.2 (CVE-2024-0199)	6 Mar 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-0199	27 Aug 202500:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition	7 Mar 202400:00	–	ncsc

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "16.7.7",
        "status": "affected",
        "version": "11.3",
        "versionType": "semver"
      },
      {
        "lessThan": "16.8.4",
        "status": "affected",
        "version": "16.8",
        "versionType": "semver"
      },
      {
        "lessThan": "16.9.2",
        "status": "affected",
        "version": "16.9",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
about	www.about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
hackerone	www.hackerone.com/reports/2295423
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/436977

03 Oct 2024 06:23Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.7

EPSS0.00008

CWE-863