Home > Vulnerability Database > CVE-2024-0456

Mend.io Vulnerability Database

CVE-2024-0456

Good to know:

Date: January 25, 2024

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project

Language: Ruby

Severity Score

4.3

Related Resources (4)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/430726

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-0456

Url: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/

Url: https://www.mend.io/vulnerability-database/CVE-2024-0456

Severity Score

4.3

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version v16.6.6,v16.7.4,v16.8.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-0456

Good to know:

Date: January 25, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?