An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:enterprise:*:*:* |
Tue, 26 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 26 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. | |
Title | Missing Authorization in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-862 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-11-26T18:31:10.674Z
Updated: 2024-11-30T04:55:53.512Z
Reserved: 2024-08-23T10:02:10.401Z
Link: CVE-2024-8114
Vulnrichment
Updated: 2024-11-26T18:41:21.845Z
NVD
Status : Analyzed
Published: 2024-11-26T19:15:31.660
Modified: 2024-12-12T20:54:48.113
Link: CVE-2024-8114
Redhat
No data.