An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/439175 |
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-02-12T20:47:44.401Z
Updated: 2024-08-29T15:04:54.900Z
Reserved: 2024-02-06T07:02:25.333Z
Link: CVE-2024-1250
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-02-12T21:15:08.313
Modified: 2024-03-04T20:57:39.907
Link: CVE-2024-1250
Redhat
No data.