CVE Vulnerabilities

CVE-2024-1250

Published: Feb 12, 2024 | Modified: Mar 04, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 16.8.0 (including) 16.8.2 (excluding)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu xenial *

References