CVE-2024-1299

Опубликовано: 07 мар. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 8.1

EPSS Низкий

Описание

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of manage_group_access_tokens to rotate group access tokens with owner privileges.

Ссылки

https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
Release Notes
https://gitlab.com/gitlab-org/gitlab/-/issues/440745
Exploit
Issue Tracking
https://hackerone.com/reports/2356976
Permissions Required
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
Release Notes
https://gitlab.com/gitlab-org/gitlab/-/issues/440745
Exploit
Issue Tracking
https://hackerone.com/reports/2356976
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 16.8.0 (включая) до 16.8.4 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 16.8.0 (включая) до 16.8.4 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 16.9.0 (включая) до 16.9.2 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 16.9.0 (включая) до 16.9.2 (исключая)

EPSS

Процентиль: 4%

0.00021

Низкий

6.5 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-268

NVD-CWE-noinfo

Связанные уязвимости

CVE-2024-1299

CVSS3: 6.5

ubuntu

больше 1 года назад

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.

CVE-2024-1299

CVSS3: 6.5

debian

больше 1 года назад

A privilege escalation vulnerability was discovered in GitLab affectin ...

GHSA-27h4-9w4j-cp97

CVSS3: 6.5

github

больше 1 года назад

EPSS

Процентиль: 4%

0.00021

Низкий

6.5 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-268

NVD-CWE-noinfo