CVE-2024-1250

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 12, 2024
Updated: Mar 4, 2024
CWE ID 269

Summary

CVE-2024-1250 is a vulnerability discovered in GitLab EE, affecting all versions starting from 16.8 before 16.8.2. This vulnerability allows a user assigned a custom role with "manage_group_access_tokens" permission to create group access tokens with Owner privileges, potentially leading to privilege escalation. The vulnerability has a base severity rating of MEDIUM, with a base score of 6.5 according to the National Vulnerability Database (NVD). The exploitability score is 1.2, and the privileges required are HIGH. The attack vector is through the network, and the impact on integrity and confidentiality is rated as HIGH. The vulnerability does not require user interaction and has a low attack complexity. Remediation should include updating GitLab EE to version 16.8.2 or later to mitigate the risk posed by this vulnerability to organizations using GitLab EE.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1250 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options