CVSS 3.1 Score 4.3 of 10 (medium)


Published Feb 22, 2024
Updated: Mar 4, 2024
CWE ID 285


CVE-2024-0861 is a vulnerability discovered in GitLab EE, affecting all versions from 16.4 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16.9.1. This vulnerability allows users with the "Guest" role to change "Custom dashboard projects" settings, even though they should not have permission to do so. The vulnerability has a base severity rating of MEDIUM, with a base score of 4.3 out of 10, indicating a moderate risk level. The exploitability score is rated at 2.8 out of 10, suggesting that it is relatively easy for attackers to exploit this vulnerability over a network without any user interaction required. The impact score is measured at 1.4 out of 10, indicating low integrity impact and no confidentiality impact or availability impact to an organization's data or systems. Affected Products: GitLab EE versions from 16.4 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16. Remediation: It is recommended to upgrade GitLab EE to version 16.7.X, version 16. Potential Danger: This vulnerability could allow unauthorized users with the "Guest" role to modify the "Custom dashboard projects" settings, potentially compromising the integrity of project configurations and settings within GitLab EE instances

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-0861 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions