How severe is CVE-2024-4024?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-4024?

This is classified as CWE-302, which is a common weakness in software security.

CVE-2024-4024 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.

Related Vulnerabilities

CVE-2022-22729

HIGH

CVSS:8.8(High)

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 ver...

CWE-3022022

CVE-2024-12838

HIGH

CVSS:8.8(High)

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request ...

CWE-3022024

CVE-2024-49056

HIGH

CVSS:8.8(High)

Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.

CWE-3022024

CVE-2025-24876

HIGH

CVSS:8.1(High)

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting mal...

CWE-3022025

CVE-2016-9482

CRITICAL

CVSS:9.8(Critical)

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=p...

CWE-3022016

CVE-2023-4612

CRITICAL

CVSS:9.8(Critical)

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7....

CWE-3022023