Vulnerabilities > CVE-2024-1250 - Unspecified vulnerability in Gitlab 16.8.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

gitlab

NVD

Published: 2024-02-12

Updated: 2024-03-04

Summary

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

Vulnerable Configurations

Part	Description	Count
Application	Gitlab Gitlab Gitlab 16.8.0	1

References

https://gitlab.com/gitlab-org/gitlab/-/issues/439175