CVE-2024-12303 Incorrect Privilege Assignment in GitLab

🗓️ 13 Aug 2025 17:27:45Reported by GitLabType

GitLab privilege flaw lets authenticated users with specific roles delete issues including confidential by inviting a role; affects multiple versions.

Reporter	Title	Published	Views	Family All 24
FreeBSD	Gitlab -- vulnerabilities	13 Aug 202500:00	–	freebsd
Chainguard	CVE-2024-12303 vulnerabilities	11 Sep 202514:22	–	cgr
Circl	CVE-2024-12303	13 Aug 202517:59	–	circl
CNNVD	GitLab 安全漏洞	13 Aug 202500:00	–	cnnvd
CVE	CVE-2024-12303	13 Aug 202517:27	–	cve
Debian CVE	CVE-2024-12303	13 Aug 202517:27	–	debiancve
EUVD	EUVD-2024-54877	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (7bfe6f39-78be-11f0-9d03-2cf05da270f3)	14 Aug 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-12303	31 Aug 202500:00	–	nessus
NVD	CVE-2024-12303	13 Aug 202518:15	–	nvd

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "17.7",
        "status": "affected",
        "lessThan": "18.0.6",
        "versionType": "semver"
      },
      {
        "version": "18.1",
        "status": "affected",
        "lessThan": "18.1.4",
        "versionType": "semver"
      },
      {
        "version": "18.2",
        "status": "affected",
        "lessThan": "18.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/508298
hackerone	www.hackerone.com/reports/2861889

13 Aug 2025 17:27Current

CVSS 3.16.7

EPSS0.00374

CWE-266