An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
History

Thu, 03 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285

Thu, 03 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Title Improper Authorization in GitLab Direct Request ('Forced Browsing') in GitLab
Weaknesses CWE-425

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
Description An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-01-26T01:02:43.953Z

Updated: 2024-10-15T22:56:39.536Z

Reserved: 2024-01-12T08:02:33.279Z

Link: CVE-2024-0456

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-26T01:15:09.110

Modified: 2024-11-21T08:46:37.807

Link: CVE-2024-0456

cve-icon Redhat

No data.