CVE-2024-0456
PUBLISHED
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.
Risk Scores
- EPSS Score: 0.16% (36.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 14.0.0, 16.7.0, 16.8.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-0456 (circl-sighting)
- https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ (circl)
- GitLab Issue #430726 (circl)
- https://www.reddit.com/r/netsec/comments/1je4j6r/arbitrary_file_write_cve20240402_in_gitlab_exploit/?rdt=53095 (certbund)
- Exploits CVE-2023-5612 - GitLab SSRF via webhook creation. (nmap-nse)
- seen_cves.json (github-poc)
…and 11 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Jan 25, 2024 CVE Published
- Jan 26, 2024 PoC Published
- Jan 31, 2024 EPSS Score
- Feb 27, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- Apr 22, 2024 EPSS Score
- May 20, 2024 EPSS Score
- Jun 16, 2024 EPSS Score
- Jul 13, 2024 EPSS Score
- Aug 14, 2024 EPSS Score
- Sep 10, 2024 EPSS Score