Main Vulnerability Database Vulnerabilities #VU100973

#VU100973 Missing Authorization in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2024-8114

Published: November 27, 2024

Vulnerability identifier: #VU100973

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-8114

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to missing authorization within LFS Tokens, which leads to security restrictions bypass and privilege escalation.

Install updates from vendor's website.