CVE-2024-8631

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published: Sep 12, 2024
Updated: Sep 14, 2024
CWE ID 267

Summary

CVE-2024-8631 is a privilege escalation vulnerability affecting GitLab EE versions 16.6 through 17.1.7, 17.2 through 17.2.5, and 17.3 through 17.3.2. It allows a user holding the Admin Group Member custom role to escalate their privileges and gain access to other custom roles. The impact is significant: it can lead to unauthorized access to, and control over, sensitive data and functionality within the GitLab environment, affecting both confidentiality and integrity. The vulnerability carries a CVSS base score of 7.2 (HIGH). Exploitation requires high privileges and no user interaction; combined with low attack complexity and high potential impact on availability and confidentiality, this makes the issue particularly dangerous. To remediate, organizations should upgrade immediately to the latest patched GitLab EE versions that address this vulnerability. Further details are available in the reports linked from HackerOne and GitLab's issue tracker.
