Unrated severity · NVD Advisory · Published Jan 26, 2024 · Updated May 1, 2026

Direct Request ('Forced Browsing') in GitLab

CVE-2024-0456

Description

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 14.0
    • (no CPE) range: >=14.0 <16.6.6, >=16.7 <16.7.4, >=16.8 <16.8.1
  • osv-coords
    Range: >= 14.0.0, < 16.6.6
