Privilege Escalation Vulnerability Affects GitLab Versions
CVE-2024-1299

8.1 HIGH

Key Information:

Vendor: GitLab
Status: Vendor
CVE Published: 7 March 2024

Badges

👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

Summary

A privilege escalation vulnerability has been identified in GitLab that impacts users with a custom role of 'manage_group_access_tokens'. This issue allows such users to rotate group access tokens with owner-level privileges, potentially compromising the security of sensitive group resources. This vulnerability affects GitLab versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2, underscoring the need for users to upgrade their instances to mitigate associated risks.

Affected Version(s)

GitLab 16.8 < 16.8.4

GitLab 16.9 < 16.9.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Gitlab Authorization Bypass Vulnerability Let Attackers Steal Protected Variables

GitLab has announced the release of updated versions for its CE and Enterprise Edition (EE) platforms, addressing critical vulnerabilities

10 months ago

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰 First article discovered by CybersecurityNews

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database | Mitre Database | 1 Proof of Concept(s) | 1 News Article(s)

Credit

Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program.