CVSS 3.1 Score 4.3 of 10 (medium)


Published Feb 22, 2024
Updated: Mar 4, 2024
CWE ID 285


CVE-2024-0861 is a vulnerability discovered in GitLab EE, affecting all versions from 16.4 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16.9.1. This vulnerability allows users with the "Guest" role to change "Custom dashboard projects" settings, even though they should not have permission to do so. The vulnerability has a base severity rating of MEDIUM, with a base score of 4.3 out of 10, indicating a moderate risk level. The exploitability score is rated at 2.8 out of 10, suggesting that it is relatively easy for attackers to exploit this vulnerability over a network without any user interaction required. The impact score is measured at 1.4 out of 10, indicating low integrity impact and no confidentiality impact or availability impact to an organization's data or systems.

Affected Products: GitLab EE versions from 16.4 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16. Remediation: It is recommended to upgrade GitLab EE to version 16.7.X, version 16. Potential Danger: This vulnerability could allow unauthorized users with the "Guest" role to modify the "Custom dashboard projects" settings, potentially compromising the integrity of project configurations and settings within GitLab EE instances

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0861 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options