CVE-2024-0456

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0456
Aliases
Published
2024-01-26T01:15:09Z
Modified
2024-05-29T20:13:29Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events