A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of manage_group_access_tokens
to rotate group access tokens with owner privileges.
{ "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" ], "severity": "Medium" }