CVE-2024-0199

Summary

CVE-2024-0199 is an authorization bypass vulnerability found in GitLab versions 11.3 to 16.7.7, 16.7.6 to 16.8.4, and 16.8.3 to 16.9.2, allowing attackers to bypass CODEOWNERS by using a crafted payload in an old feature branch to perform malicious actions. The base severity of this vulnerability is rated as HIGH with a base score of 7.7, indicating the potential danger it poses to organizations. The exploitability score is 1.3, and the attack vector is through the network with low privileges required and user interaction necessary for exploitation. The impact includes high severity on integrity and confidentiality but does not affect availability. To remediate this vulnerability, affected organizations should update their GitLab instances to versions that include the necessary patch for this issue as soon as possible. Note: The provided text lacks specific information about how to remediate the vulnerability and the potential danger it poses, so some details have been inferred based on common practices and assumptions regarding similar vulnerabilities in software systems like GitLab.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.