Privilege Defined With Unsafe Actions

CVE-2024-8631

Medium

5.5/10

Summary

A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-267 - Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

References

Advisory Timeline

Published Sep 12, 2024

Privilege Defined With Unsafe Actions

CVE-2024-8631

Summary

CWE-267 - Privilege Defined With Unsafe Actions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS