CVE-2024-0199 in GitLab

Summary

by MITRE • 03/07/2024

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.


Analysis

by VulDB Data Team • 08/28/2025

The vulnerability identified as CVE-2024-0199 is a critical authorization bypass flaw in GitLab's code ownership management system. The weakness lies in the CODEOWNERS functionality, which is designed to enforce access controls and determine who can approve or modify specific files within a repository. The vulnerability affects multiple version ranges: 11.3 through 16.7.6, 16.7.6 through 16.8.3, and 16.8.3 through 16.9.1, indicating a long-standing issue that has persisted across several major releases. The flaw allows malicious actors to circumvent the intended code ownership policies by exploiting a specific payload mechanism within the repository's branch management system.

The technical exploitation of this vulnerability occurs through a crafted payload that leverages an old feature branch to bypass the CODEOWNERS authorization checks. This mechanism exploits a gap in GitLab's validation process where the system fails to properly verify the authorization status of users attempting to perform actions on files that should be protected by CODEOWNERS rules. The vulnerability specifically targets the interaction between branch management and code ownership enforcement, allowing attackers to submit malicious changes that would normally be restricted by ownership policies. This bypass occurs at the authorization layer rather than the authentication layer, meaning that legitimate users with proper credentials can still exploit this weakness to perform unauthorized actions.

The operational impact of CVE-2024-0199 is significant for organizations relying on GitLab's CODEOWNERS functionality for security governance and access control. Attackers can potentially modify code in protected directories, submit malicious changes to files that should require specific approvers, or bypass review processes that are critical for maintaining code quality and security standards. This vulnerability directly undermines the principle of least privilege and can lead to unauthorized code modifications, potential backdoor insertion, or compromise of sensitive code sections that should only be accessible to designated maintainers. Organizations using GitLab for collaborative development environments face increased risk of supply chain attacks or insider threats when this vulnerability is present in their systems.

Mitigation strategies for CVE-2024-0199 should focus on immediate version upgrades to the patched releases mentioned in the advisory. Organizations should prioritize upgrading to GitLab versions 16.7.7, 16.8.4, or 16.9.2 depending on their current installation to ensure the authorization bypass is resolved. Additionally, security teams should conduct comprehensive audits of their CODEOWNERS configurations to identify any potential exploitation that may have occurred during the vulnerability's window of exposure. Network monitoring should be enhanced to detect unusual patterns in branch creation or code modification activities that could indicate exploitation attempts. The vulnerability aligns with CWE-285 which addresses improper authorization in software systems, and could be mapped to ATT&CK technique T1548.005 which covers abuse of cloud compute infrastructure for privilege escalation. Organizations should also consider implementing additional security controls such as webhook monitoring, automated code review processes, and enhanced audit logging to detect and prevent unauthorized modifications to protected code sections.
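An added example of the kind of CODEOWNERS audit the mitigation paragraph recommends (this is not VulDB's or GitLab's code): it re-evaluates which CODEOWNERS entries govern the files changed in a merge and flags merges where none of the required owners appear among the recorded approvers. The CODEOWNERS content, changed paths and approver list are constructed; the pattern matching is a simplified gitignore-style translation, and `[Section]` headers are ignored.

```python
import re

# Constructed CODEOWNERS content (example input, not taken from any real project).
CODEOWNERS = """
*            @dev-team        # default owners for everything
/lib/auth/   @security-team
*.tf         @platform-team
"""

def _pattern_to_regex(pattern):
    # Simplified gitignore-style rules: '*' stays inside one path segment, '**' crosses
    # segments, a pattern containing '/' is root-anchored, a trailing '/' covers a directory.
    is_dir = pattern.endswith("/")
    anchored = "/" in pattern.rstrip("/")
    body, core, i = "", pattern.strip("/"), 0
    while i < len(core):
        if core.startswith("**", i):
            body, i = body + ".*", i + 2
        elif core[i] == "*":
            body, i = body + "[^/]*", i + 1
        else:
            body, i = body + re.escape(core[i]), i + 1
    return re.compile(("^" if anchored else "^(?:.*/)?") + body + ("(?:/.*)?$" if is_dir else "$"))

def parse_codeowners(text):
    # (regex, owners) pairs in file order; comments, blank lines and '[Section]' headers are skipped.
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith("["):
            pattern, *owners = line.split()
            entries.append((_pattern_to_regex(pattern), set(owners)))
    return entries

def required_owners(entries, path):
    # Last matching entry wins, GitLab's rule for overlapping patterns (sections ignored here).
    owners = set()
    for regex, entry_owners in entries:
        if regex.match(path):
            owners = entry_owners
    return owners

def unapproved_protected_paths(entries, changed_paths, approvers):
    # Map each changed path whose required owners gave no approval to the owners it needed.
    findings = {}
    for path in changed_paths:
        owners = required_owners(entries, path)
        if owners and not owners & set(approvers):
            findings[path] = owners
    return findings
```

Approvers are compared as the same handles used in CODEOWNERS (user or group), so a merge touching `lib/auth/` that carries only a `@dev-team` approval is reported with the missing `@security-team` owner.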

Responsible

GitLab Inc.

Reservation

01/02/2024

Disclosure

03/07/2024

Moderation

accepted

CPE

ready

EPSS

0.00706

KEV

no

Activities

very low
