Vulnerabilities > CVE-2024-1299 - Unspecified vulnerability in Gitlab

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

gitlab

NVD

Published: 2024-03-07

Updated: 2024-12-11

Summary

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.

Vulnerable Configurations

Part	Description	Count
Application	Gitlab Gitlab Gitlab 16.9.0 Gitlab Gitlab 16.9.1 Gitlab Gitlab 16.8.0 Gitlab Gitlab 16.8.1 Gitlab Gitlab 16.8.2 Gitlab Gitlab 16.8.3	12

References

https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/440745
https://gitlab.com/gitlab-org/gitlab/-/issues/440745
https://hackerone.com/reports/2356976
https://hackerone.com/reports/2356976