CVE-2024-1250

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/439175 - Permissions Required () https://gitlab.com/gitlab-org/gitlab/-/issues/439175 - Permissions Required

03 Oct 2024, 07:15

Type Values Removed Values Added
CWE CWE-269 CWE-268

04 Mar 2024, 20:57

Type Values Removed Values Added
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
First Time Gitlab
Gitlab gitlab
CWE NVD-CWE-noinfo
References () https://gitlab.com/gitlab-org/gitlab/-/issues/439175 - () https://gitlab.com/gitlab-org/gitlab/-/issues/439175 - Permissions Required

12 Feb 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-12 21:15

Updated : 2024-11-21 08:50


NVD link : CVE-2024-1250

Mitre link : CVE-2024-1250

CVE.ORG link : CVE-2024-1250


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-268

Privilege Chaining

NVD-CWE-noinfo