Authorization bypass vulnerability in GitLab CE/EE - CVE-2024-0199 (rpm)ID: oval:org.secpod.oval:def:98600 | Date: (C)2024-03-22 (M)2024-03-22 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab CE/EE 11.3 before 16.7.7, 16.8.0 before 16.8.4, and 16.9.0 before 16.9.2 and is prone to an authorization bypass vulnerability. A flaw is present in the application, which fails to properly handle issues in an old feature branch. Successful exploitation could allow an attacker to bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
Product: |
gitlab-ce |
gitlab-ee |