CVE-2024-12303

Published: Aug 13, 2025Modified: Aug 15, 2025

5.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Exploitability: 1.2 / Impact: 4.2

Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 17.7.0 to 18.0.6
Gitlab Gitlab	From 18.1.0 to 18.1.4
Gitlab Gitlab	From 18.2.0 to 18.2.2
Gitlab Gitlab	From 17.7.0 to 18.0.6
Gitlab Gitlab	From 18.1.0 to 18.1.4
Gitlab Gitlab	From 18.2.0 to 18.2.2

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/508298

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2861889

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.