CVE-2024-1250

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-268
View all →

Vulnerability Description

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.

Related Vulnerabilities

CVE-2023-2250

MEDIUM
CVSS:6.7(Medium)

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user...

CWE-2682023

CVE-2025-32955

MEDIUM
CVSS:6.0(Medium)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a polic...

CWE-2682025

CVE-2023-0759

MEDIUM
CVSS:5.3(Medium)

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

CWE-2682023

CVE-2024-47045

HIGH
CVSS:7.8(High)

Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges t...

CWE-2682024

CVE-2025-20112

MEDIUM
CVSS:5.1(Medium)

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vu...

CWE-2682025

CVE-2022-1003

MEDIUM
CVSS:4.9(Medium)

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way th...

CWE-2682022