CVE-2024-0861

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-0861

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0861.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-0861

Aliases

BIT-gitlab-2024-0861

Related

UBUNTU-CVE-2024-0861

Published

2024-02-22T00:15:51Z

Modified

2025-04-01T02:58:58Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the Guest role can change Custom dashboard projects settings contrary to permissions.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

e4c1c182610739c1b1d10a8eacbea1f5aa837ad6

Fixed

c8f3448a2f0cfb3c812fc4619e0f16bc3feb133b