An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.
Metrics
Affected Vendors & Products
References
History
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-285 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Improper Authorization in GitLab | Direct Request ('Forced Browsing') in GitLab |
Weaknesses | CWE-425 |
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-02-21T23:30:39.942Z
Updated: 2024-10-03T06:23:18.081Z
Reserved: 2024-01-24T16:02:22.315Z
Link: CVE-2024-0861
Vulnrichment
Updated: 2024-08-01T18:18:18.806Z
NVD
Status : Modified
Published: 2024-02-22T00:15:51.973
Modified: 2024-11-21T08:47:31.670
Link: CVE-2024-0861
Redhat
No data.