CVE-2024-12303

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-12303

Severity

6.7

Medium

CVSS V3

Summary

Incorrect Privilege Assignment in GitLab

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.

References

https://images.chainguard.dev/security/CGA-prvr-4p54-397g
https://github.com/advisories/GHSA-cxxf-6583-j227
https://images.chainguard.dev/security/CGA-8gvf-qjc5-xmff
https://images.chainguard.dev/security/git%3A%2F%2Fgit%40gitlab.com%3Agitlab-org%2Fgitlab.git
https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12303.json
https://gitlab.com/gitlab-org/gitlab/-/issues/508298
https://hackerone.com/reports/2861889
https://nvd.nist.gov/vuln/detail/CVE-2024-12303

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-12303

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company