PT-2024-39145 · Gitlab · Gitlab Ce/Ee+1

Chotebabume

Published

2024-09-12

Updated

2024-09-16

CVE-2024-8631

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.1.7 GitLab EE versions 17.2 through 17.2.5 GitLab EE versions 17.3 through 17.3.2

Description: A privilege escalation issue has been discovered in GitLab EE. This issue allows a user assigned the Admin Group Member custom role to escalate their privileges to include other custom roles.

Recommendations: For GitLab EE versions 16.6 through 17.1.7, update to version 17.1.7 or later. For GitLab EE versions 17.2 through 17.2.5, update to version 17.2.5 or later. For GitLab EE versions 17.3 through 17.3.2, update to version 17.3.2 or later. As a temporary workaround, consider restricting the use of the Admin Group Member custom role until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-267

Related Identifiers

BIT-GITLAB-2024-8631

CVE-2024-8631

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2024-39145 · Gitlab · Gitlab Ce/Ee+1

CVE-2024-8631

Weakness Enumeration

Related Identifiers

Affected Products

References · 12