CVE-2024-0861
Published Feb 22, 2024
Last updated a month ago
Overview
- Description: An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.
- Source: cve@gitlab.com
- NVD status: Modified
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 4.3
- Impact score: 1.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity: MEDIUM
Weaknesses
- nvd@nist.gov: NVD-CWE-Other
- cve@gitlab.com: CWE-425
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0C6BB02-2255-4DA6-BCEB-36792BF910BC",
            "versionEndExcluding": "16.7.6",
            "versionStartIncluding": "16.4.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1920E538-FE0D-40A6-8EA3-667D9835DA8E",
            "versionEndExcluding": "16.8.3",
            "versionStartIncluding": "16.8.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E374890-90FC-4DC5-8C0B-87CC99B4A4D7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]