Privilege Escalation Vulnerability Affects GitLab Versions

CVE-2024-1299

6.5MEDIUM

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 7 March 2024

Badges

📰 News Worthy

Summary

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.

Affected Version(s)

GitLab < 16.8.4

GitLab < 16.9.2

News Articles

CybersecurityNews

CVE-2024-0199CVE-2024-1299

Gitlab Authorization Bypass Vulnerability Let Attackers Steal Protected Variables

GitLab has announced the release of updated versions for its CE and Enterprise Edition (EE) platforms, addressing critical vulnerabilities

7 months ago

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by CybersecurityNews
Mar 8, 2024
Vulnerability published.
Mar 7, 2024
Vulnerability Reserved.
Feb 7, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program