CVE-2024-0410

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-0410

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0410.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-0410

Aliases

BIT-gitlab-2024-0410

Downstream

UBUNTU-CVE-2024-0410

Published

2024-02-21T23:30:59.792Z

Modified

2025-11-20T20:36:46.032241Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

Improper Enforcement of Behavioral Workflow in GitLab

Details

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.

Database specific

{
    "cwe_ids": [
        "CWE-841"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

31c24d2d8643ee22211ef544a4538c4420e96dc9

Fixed

c8f3448a2f0cfb3c812fc4619e0f16bc3feb133b

Database specific

{
    "versions": [
        {
            "introduced": "15.1"
        },
        {
            "fixed": "16.7.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1e912d57d5a8f1135f4d41e25469069790134d41

Fixed

39213e8fab4a70aa7cf64bb1c75012bb11fd7b15

Database specific

{
    "versions": [
        {
            "introduced": "16.8"
        },
        {
            "fixed": "16.8.3"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

76326ae8b898b38c8217ad037ed7122be00e62f0

Fixed

cc62007c12dc634c7442a9b1dc94508e50e5dba5

Database specific

{
    "versions": [
        {
            "introduced": "16.9"
        },
        {
            "fixed": "16.9.1"
        }
    ]
}

Affected versions

v16.*

v16.8.0-ee

v16.8.1-ee

v16.8.2-ee

v16.9.0-ee

v16.9.0-rc44-ee