CVE-2024-12303

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-12303
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12303.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12303
Aliases
Downstream
Related
Published
2025-08-13T18:15:28Z
Modified
2025-08-18T08:59:38.299073Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1fd574ee5710155adf5307fba45132264dcb64a1
Fixed
85327bfea0841b1eda70dc49b76918681510f967