CVE-2024-1299

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 7, 2024

CWE ID 863

Summary

CVE-2024-1299 is a privilege escalation vulnerability affecting GitLab versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. A user with the custom role of `manage_group_access_tokens` was able to exploit this vulnerability and rotate group access tokens, effectively gaining owner privileges. This vulnerability poses a significant risk as it allows unauthorized users to escalate their access and potentially compromise the security of the affected GitLab instance. It is strongly recommended that users upgrade to the latest versions to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ubkZqP
https://www.cve.org/CVERecord?id=CVE-2024-1299
https://nvd.nist.gov/vuln/detail/CVE-2024-1299

Back to Vulnerability Database

CVE-2024-1299

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations