6.7

CVE-2024-12303

Exploit

Incorrect Privilege Assignment in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version >= 17.7.0 < 18.0.6
GitlabGitLab SwEditionenterprise Version >= 17.7.0 < 18.0.6
GitlabGitLab SwEditioncommunity Version >= 18.1.0 < 18.1.4
GitlabGitLab SwEditionenterprise Version >= 18.1.0 < 18.1.4
GitlabGitLab SwEditioncommunity Version >= 18.2.0 < 18.2.2
GitlabGitLab SwEditionenterprise Version >= 18.2.0 < 18.2.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.065
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.2 4.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
cve@gitlab.com 6.7 1.2 5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.