Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-7x52-3x7c-gwj6

Опубликовано: 12 фев. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 6.5

Описание

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

Ссылки

EPSS

Процентиль: 3%
0.00017
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2024-1250

Дефекты

CWE-268
CWE-269

Связанные уязвимости

ubuntu логотип

CVE-2024-1250

CVSS3: 6.5
ubuntu
почти 2 года назад

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

nvd логотип

CVE-2024-1250

CVSS3: 6.5
nvd
почти 2 года назад

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

debian логотип

CVE-2024-1250

CVSS3: 6.5
debian
почти 2 года назад

An issue has been discovered in GitLab EE affecting all versions start ...

fstec логотип

BDU:2024-05545

CVSS3: 6.5
fstec
почти 2 года назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 3%
0.00017
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2024-1250

Дефекты

CWE-268
CWE-269