CVE-2024-0861

Summary

CVE-2024-0861 is a vulnerability discovered in GitLab EE, affecting all versions from 16.4 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16.9.1. This vulnerability allows users with the "Guest" role to change "Custom dashboard projects" settings, even though they should not have permission to do so. The vulnerability has a base severity rating of MEDIUM, with a base score of 4.3 out of 10, indicating a moderate risk level. The exploitability score is rated at 2.8 out of 10, suggesting that it is relatively easy for attackers to exploit this vulnerability over a network without any user interaction required. The impact score is measured at 1.4 out of 10, indicating low integrity impact and no confidentiality impact or availability impact to an organization's data or systems. Affected Products: GitLab EE versions from 16.4 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16. Remediation: It is recommended to upgrade GitLab EE to version 16.7.X, version 16. Potential Danger: This vulnerability could allow unauthorized users with the "Guest" role to modify the "Custom dashboard projects" settings, potentially compromising the integrity of project configurations and settings within GitLab EE instances

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.