Home > Vulnerability Database > CVE-2024-12303

Mend.io Vulnerability Database

CVE-2024-12303

Good to know:

Date: August 13, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.

Severity Score

6.7

Related Resources (4)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/508298

Url: https://hackerone.com/reports/2861889

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12303

Url: https://www.mend.io/vulnerability-database/CVE-2024-12303

Severity Score

6.7

Weakness Type (CWE)

Incorrect Privilege Assignment

CWE-266

Top Fix

Upgrade Version

Upgrade to version https://gitlab.com/gitlab-org/gitlab.git - v18.0.6;https://gitlab.com/gitlab-org/gitlab.git - v18.1.4;https://gitlab.com/gitlab-org/gitlab.git - v18.2.2-ee

Learn More

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12303

Good to know:

Date: August 13, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?