An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
References
Link | Resource |
---|---|
https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/430726 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
31 Jan 2024, 20:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab
Gitlab gitlab |
|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:enterprise:*:*:* |
|
References | () https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ - Vendor Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/430726 - Broken Link |
26 Jan 2024, 13:51
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
26 Jan 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-26 01:15
Updated : 2024-01-31 20:12
NVD link : CVE-2024-0456
Mitre link : CVE-2024-0456
CVE.ORG link : CVE-2024-0456
JSON object : View
Products Affected
gitlab
- gitlab
CWE