A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.
References
Configurations
No configuration.
History
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-268 |
07 Mar 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-07 01:15
Updated : 2024-10-03 07:15
NVD link : CVE-2024-1299
Mitre link : CVE-2024-1299
CVE.ORG link : CVE-2024-1299
JSON object : View
Products Affected
No product.
CWE
CWE-268
Privilege Chaining