CVE-2024-12303

Incorrect Privilege Assignment issue in delete issues operation impacts GitLab CE/EE (GitLab CE/EE における Issue 削除の権限制御不備)

GitLab has remediated an issue that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.

Disclosure Date

2024/12/02

Credit

Yuki Osaki

Reference

https://www.cve.org/CVERecord?id=CVE-2022-21158
https://jvn.jp/jp/JVN89524240/
https://github.com/marktext/marktext/releases/tag/v0.17.0

Back

Incorrect Privilege Assignment issue in delete issues operation impacts GitLab CE/EE (GitLab CE/EE における Issue 削除の権限制御不備)

Disclosure Date

Credit

Reference

会社情報

サービス紹介

お問い合わせ