Home > Vulnerability Database > CVE-2024-0456

Mend.io Vulnerability Database

CVE-2024-0456

Date: January 25, 2024

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project

Language: Ruby

Severity Score

4.3

Related Resources (4)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/430726

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-0456

Url: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/

Url: https://www.mend.io/vulnerability-database/CVE-2024-0456

Severity Score

4.3

Weakness Type (CWE)

Improper Authorization

CWE-285

Direct Request ('Forced Browsing')

CWE-425

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-0456

Date: January 25, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?