March 7, 2024
Severity
High
Analysis Summary
CVE-2024-1299 (CVSS: 6.5)
GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to rotate and view a group access token that carries owner permissions.
CVE-2024-0199 (CVSS: 7.7)
GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by <ISSUE>. By using a crafted payload in an old feature branch, an attacker could exploit this vulnerability to bypass CODEOWNERS protections.
Impact
- Security Bypass
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-1299
- CVE-2024-0199
Affected Vendors
GitLab
Affected Products
- GitLab Community Edition 16.9.1
- GitLab Community Edition 16.8.3
- GitLab Community Edition 16.7.6
- GitLab Enterprise Edition 16.7.6
- GitLab Enterprise Edition 16.8.3
- GitLab Enterprise Edition 16.9.1
Remediation
Refer to the GitLab website for patch, upgrade, or suggested workaround information.