CVE-2024-0861
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-0861
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0861.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-0861
- Aliases
- Downstream
- Published
- 2024-02-21T23:30:39.942Z
- Modified
- 2025-12-05T04:01:46.550241Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Direct Request ('Forced Browsing') in GitLab
- Details
-
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the
Guestrole can changeCustom dashboard projectssettings contrary to permissions. - Database specific
{ "cna_assigner": "GitLab", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/0xxx/CVE-2024-0861.json", "cwe_ids": [ "CWE-425" ] }- References