CVE-2024-1299 - A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.

CVE-2024-1299

Summary

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/440745
https://hackerone.com/reports/2356976
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

03-10-2024 - 07:15

Published

07-03-2024 - 01:15

Last modified

03-10-2024 - 07:15