Security Advisory

CVE-2024-1250

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-12 20:47:44

Last updated 2026-05-12 04:06:21

Assigner GitLab

State PUBLISHED

Description

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

← Browse all CVEs View on cve.org ↗