4.3

CVE-2024-0861

EPSS 0.02%
Veröffentlicht 22.02.2024 00:15:51
Zuletzt bearbeitet 21.11.2024 08:47:31
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditionenterprise Version >= 16.4.0 < 16.7.6

Gitlab ≫ Gitlab SwEditionenterprise Version >= 16.8.0 < 16.8.3

Gitlab ≫ Gitlab Version16.9.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cve@gitlab.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://gitlab.com/gitlab-org/gitlab/-/issues/439240

Permissions Required

https://hackerone.com/reports/2316435

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-0861

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0861

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0861

EUVD