CVSS 3.1 Score 7.7 of 10 (high)


Published Mar 7, 2024
CWE ID 284


CVE-2024-0199 is an authorization bypass vulnerability found in GitLab versions 11.3 to 16.7.7, 16.7.6 to 16.8.4, and 16.8.3 to 16.9.2, allowing attackers to bypass CODEOWNERS by using a crafted payload in an old feature branch to perform malicious actions. The base severity of this vulnerability is rated as HIGH with a base score of 7.7, indicating the potential danger it poses to organizations. The exploitability score is 1.3, and the attack vector is through the network with low privileges required and user interaction necessary for exploitation. The impact includes high severity on integrity and confidentiality but does not affect availability. To remediate this vulnerability, affected organizations should update their GitLab instances to versions that include the necessary patch for this issue as soon as possible. Note: The provided text lacks specific information about how to remediate the vulnerability and the potential danger it poses, so some details have been inferred based on common practices and assumptions regarding similar vulnerabilities in software systems like GitLab.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0199 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options