CVE-2024-1250 — Privilege Chaining in Gitlab

CWE-268 — Privilege Chaining CWE-269 — Improper Privilege Management CWE-1250 — Improper Preservation of Consistency Between Independent Representations of Shared State8 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 94.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE +4 more

Timeline

PublishedFeb 12

Latest updateNov 14

Description

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages9 packages

▶CVEListV5gitlab/gitlab16.8 — 16.8.2

▶NVDgitlab/gitlab16.8.0 — 16.8.2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-7x52-3x7c-gwj6: An issue has been discovered in GitLab EE affecting all versions starting from 16↗2024-02-12

▶

OSV

CVE-2024-1250: An issue has been discovered in GitLab EE affecting all versions starting from 16↗2024-02-12

▶

📋Vendor Advisories

Red Hat

postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes↗2024-11-14

▶

Microsoft

PostgreSQL row security below e.g. subqueries disregards user ID changes↗2024-11-12

▶

GitLab

CVE-2024-1250: An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_g↗2024-02-12

▶

Debian

CVE-2024-1250: gitlab - An issue has been discovered in GitLab EE affecting all versions starting from 1...↗2024

▶