CVE-2024-8266 — Execution with Unnecessary Privileges in Gitlab

CWE-250 — Execution with Unnecessary Privileges5 documents5 sources

Severity

6.6MEDIUMNVD

EPSS

0.1%

top 81.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedFeb 13

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5gitlab/gitlab17.1 — 17.6.0

▶NVDgitlab/gitlab17.1.0 — 17.6.0

▶debiandebian/gitlab< gitlab 17.6.5-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-qfrc-4c6q-334p: An issue was discovered in GitLab CE/EE affecting all versions starting from 17↗2025-02-13

▶

OSV

CVE-2024-8266: An issue was discovered in GitLab CE/EE affecting all versions starting from 17↗2025-02-13

▶

📋Vendor Advisories

GitLab

CVE-2024-8266: An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to tr↗2025-02-13

▶

Debian

CVE-2024-8266: gitlab - An issue was discovered in GitLab CE/EE affecting all versions starting from 17....↗2024

▶