Security Advisory

CVE-2024-1299

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-07 00:39:45
Last updated 2024-10-03 06:23:18
Assigner GitLab
State PUBLISHED

Description

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.