PT-2024-15381 · Gitlab · Gitlab
Author: Ali_Shehab · Published 2024-03-07 · Updated 2024-12-11
CVE-2024-0199 · CVSS v3.1: 8.0 (High)
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GitLab versions 11.3 through 16.7.6
GitLab versions 16.7.6 through 16.8.3
GitLab versions 16.8.3 through 16.9.1
Description
An authorization bypass vulnerability was discovered in GitLab: an authenticated attacker can bypass CODEOWNERS-based approval rules by placing a crafted payload in an old feature branch and then perform malicious actions. This issue potentially exposes financial data or code. Approximately 509,862 devices are potentially affected, mainly distributed in China and the United States.
Recommendations
For GitLab versions 11.3 through 16.7.6, upgrade to version 16.7.7 to patch the vulnerability.
For GitLab versions 16.7.6 through 16.8.3, upgrade to version 16.8.4 to patch the vulnerability.
For GitLab versions 16.8.3 through 16.9.1, upgrade to version 16.9.2 to patch the vulnerability.
As a temporary workaround, consider restricting access to old feature branches to minimize the risk of exploitation.
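The following helper turns the recommendation above into a repeatable check. It is an added example and not part of the advisory or of GitLab's own tooling: it encodes the affected ranges and fixed versions stated above as a lookup table (an assumption that the page's version boundaries are the complete set), parses the version string GitLab reports (for example `16.8.3-ee`), and returns the version an instance should be upgraded to, or `None` if it is already patched. The optional `check_instance` function queries the real GitLab REST endpoint `GET /api/v4/version`, which requires a personal access token.

```python
import json
import urllib.request
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Constructed from the advisory's recommendations: (first affected, first fixed).
# A version v is affected when first_affected <= v < first_fixed. Versions
# 16.7.7 and 16.7.8 fall between the ranges and are treated as already patched.
AFFECTED_RANGES = [
    ((11, 3, 0), (16, 7, 7)),
    ((16, 8, 0), (16, 8, 4)),
    ((16, 9, 0), (16, 9, 2)),
]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH][-edition]' into a comparable 3-tuple.

    GitLab appends an edition suffix such as '-ee' or '-ce'; it is dropped
    because it does not affect which backport fixes CVE-2024-0199.
    """
    core = text.strip().split("-")[0]
    nums = [int(part) for part in core.split(".")]
    while len(nums) < 3:
        nums.append(0)  # treat '16.8' as 16.8.0
    return (nums[0], nums[1], nums[2])


def format_version(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(version_text: str) -> Optional[str]:
    """Return the minimum fixed version to upgrade to, or None if unaffected."""
    v = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return format_version(first_fixed)
    return None


def check_instance(base_url: str, token: str) -> Optional[str]:
    """Query a live instance (GET /api/v4/version) and assess it.

    base_url is assumed to look like 'https://gitlab.example.com'; the token
    is a personal access token with read_api scope. Network access required.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        data = json.load(resp)
    return assess(data["version"])


if __name__ == "__main__":
    # Constructed sample version strings, as GitLab would report them.
    for sample in ["16.7.6-ee", "16.7.7-ee", "16.8.3-ce", "16.9.1", "16.9.2", "17.0.0"]:
        fix = assess(sample)
        print(f"{sample:10} -> {'upgrade to ' + fix if fix else 'not affected'}")
```

Run it against the output of `GET /api/v4/version` (or paste the version from the Admin Area) to decide which of the three backports applies; because the advisory lists three separate fix lines, matching on the minor series matters, and a plain "is it below 16.9.2" check would wrongly flag patched 16.7.x and 16.8.x instances.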
Weakness Enumeration
Incorrect Authorization
Affected Products
Gitlab