CVE-2024-1299 - Vulnerability Details - OpenCVE

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

No data.

References

Link	Providers
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/440745
https://hackerone.com/reports/2356976

History

Wed, 11 Dec 2024 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 03 Oct 2024 07:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-863

Thu, 03 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Incorrect Authorization in GitLab	Privilege Chaining in GitLab
Weaknesses		CWE-268

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gitlab Gitlab gitlab
CPEs		cpe:2.3:a:gitlab:gitlab::::::::
Vendors & Products		Gitlab Gitlab gitlab

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-03-07T00:39:45.501Z

Updated: 2024-10-03T06:23:18.349Z

Reserved: 2024-02-07T06:02:37.306Z

Link: CVE-2024-1299

Vulnrichment

Updated: 2024-08-01T18:33:25.390Z

NVD

Status : Analyzed

Published: 2024-03-07T01:15:52.443

Modified: 2024-12-11T20:23:27.497

Link: CVE-2024-1299

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1299", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-02-07T06:02:37.306Z", "datePublished": "2024-03-07T00:39:45.501Z", "dateUpdated": "2024-10-03T06:23:18.349Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "16.8.4", "status": "affected", "version": "16.8", "versionType": "semver"}, {"lessThan": "16.9.2", "status": "affected", "version": "16.9", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-268", "description": "CWE-268: Privilege Chaining", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:18.349Z"}, "references": [{"name": "GitLab Issue #440745", "tags": ["issue-tracking", "permissions-required"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745"}, {"name": "HackerOne Bug Bounty Report #2356976", "tags": ["technical-description", "exploit", "permissions-required"], "url": "https://hackerone.com/reports/2356976"}, {"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.8.4, 16.9.2 or above."}], "title": "Privilege Chaining in GitLab"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-12T04:00:39.662499Z", "id": "CVE-2024-1299", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T15:39:12.786Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.390Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745", "name": "GitLab Issue #440745", "tags": ["issue-tracking", "permissions-required", "x_transferred"]}, {"url": "https://hackerone.com/reports/2356976", "name": "HackerOne Bug Bounty Report #2356976", "tags": ["technical-description", "exploit", "permissions-required", "x_transferred"]}, {"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745", "name": "GitLab Issue #440745", "tags": ["issue-tracking", "permissions-required", "x_transferred"]}, {"url": "https://hackerone.com/reports/2356976", "name": "HackerOne Bug Bounty Report #2356976", "tags": ["technical-description", "exploit", "permissions-required", "x_transferred"]}, {"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.390Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1299", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-12T04:00:39.662499Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T20:19:49.232Z"}}], "cna": {"title": "Privilege Chaining in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "16.8", "lessThan": "16.8.4", "versionType": "semver"}, {"status": "affected", "version": "16.9", "lessThan": "16.9.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.8.4, 16.9.2 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745", "name": "GitLab Issue #440745", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2356976", "name": "HackerOne Bug Bounty Report #2356976", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/"}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-268", "description": "CWE-268: Privilege Chaining"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:18.349Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1299", "state": "PUBLISHED", "dateUpdated": "2024-10-03T06:23:18.349Z", "dateReserved": "2024-02-07T06:02:37.306Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-03-07T00:39:45.501Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "C1D7C60A-061E-44F9-AE22-D548DE53B117", "versionEndExcluding": "16.8.4", "versionStartIncluding": "16.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2F20E088-CE58-4838-B756-612BB8687809", "versionEndExcluding": "16.8.4", "versionStartIncluding": "16.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "D02C567D-8E1A-42C8-83A3-CF368AB3204F", "versionEndExcluding": "16.9.2", "versionStartIncluding": "16.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "254A5DA0-23B6-45B2-A91E-F9825E717290", "versionEndExcluding": "16.9.2", "versionStartIncluding": "16.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en GitLab que afecta a las versiones 16.8 anteriores a 16.8.4 y 16.9 anteriores a 16.9.2. Era posible que un usuario con el rol personalizado `manage_group_access_tokens` rotara tokens de acceso de grupo con privilegios de propietario."}], "id": "CVE-2024-1299", "lastModified": "2024-12-11T20:23:27.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-07T01:15:52.443", "references": [{"source": "cve@gitlab.com", "tags": ["Release Notes"], "url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/"}, {"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2356976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2356976"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-268"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}