An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.

Related CVEs

CVE-2024-0410

Key Information

GHSA ID

GHSA-27r2-6rqh-xrg8

Published

February 22, 2024 12:31 AM

Last Modified

February 22, 2024 12:31 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 16, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.