GitLab Authorization Bypass Vulnerability Affects Multiple Versions
CVE-2024-0199
Key Information:
Badges
Summary
An authorization bypass vulnerability has been identified in GitLab, allowing attackers to circumvent the CODEOWNERS functionality. This weakness is present in multiple versions of the product, specifically those from 11.3 leading up to earlier versions, culminating in versions 16.9.2. By utilizing a specially crafted payload embedded in an old feature branch, an unauthorized actor may perform malicious actions typically restricted by permissions. The risk this presents underscores the importance of maintaining updated versions and understanding the implications of version compatibility.
Affected Version(s)
GitLab 11.3 < 16.7.7
GitLab 16.8 < 16.8.4
GitLab 16.9 < 16.9.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CybersecurityNewsReferences
CVSS V3.1
Timeline
- π°
First article discovered by CybersecurityNews
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved