CVE-2024-0199

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/	Release Notes
https://gitlab.com/gitlab-org/gitlab/-/issues/436977	Exploit Issue Tracking
https://hackerone.com/reports/2295423	Permissions Required
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/	Release Notes
https://gitlab.com/gitlab-org/gitlab/-/issues/436977	Exploit Issue Tracking
https://hackerone.com/reports/2295423	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

11 Dec 2024, 20:12

Type	Values Removed	Values Added
First Time		Gitlab Gitlab gitlab
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
References	~~() https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/ -~~	() https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/ - Release Notes
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/436977 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/436977 - Exploit, Issue Tracking
References	~~() https://hackerone.com/reports/2295423 -~~	() https://hackerone.com/reports/2295423 - Permissions Required

Information

Published : 2024-03-07 01:15

Updated : 2024-12-11 20:12

NVD link : CVE-2024-0199

Mitre link : CVE-2024-0199

CVE.ORG link : CVE-2024-0199

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2024-0199", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2024-03-07T01:15:52.233", "references": [{"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "tags": ["Release Notes"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436977", "tags": ["Exploit", "Issue Tracking"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2295423", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}, {"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436977", "tags": ["Exploit", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2295423", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n en GitLab que afecta a las versiones 11.3 anteriores a 16.7.7, 16.7.6 anteriores a 16.8.4 y 16.8.3 anteriores a 16.9.2. Un atacante podr\u00eda eludir a CODEOWNERS utilizando un payload malicioso en una rama de funciones antigua para realizar acciones maliciosas."}], "lastModified": "2024-12-11T20:12:49.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B94BEED5-2938-43D0-A97E-8F47CB3A6DBC", "versionEndExcluding": "16.7.7", "versionStartIncluding": "11.3"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "04AE6840-C038-43C3-B985-205C413C34B7", "versionEndExcluding": "16.7.7", "versionStartIncluding": "11.3"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D7C60A-061E-44F9-AE22-D548DE53B117", "versionEndExcluding": "16.8.4", "versionStartIncluding": "16.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2F20E088-CE58-4838-B756-612BB8687809", "versionEndExcluding": "16.8.4", "versionStartIncluding": "16.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "D02C567D-8E1A-42C8-83A3-CF368AB3204F", "versionEndExcluding": "16.9.2", "versionStartIncluding": "16.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "254A5DA0-23B6-45B2-A91E-F9825E717290", "versionEndExcluding": "16.9.2", "versionStartIncluding": "16.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}