A privilege escalation vulnerability exists in GitLab affecting versions 16.8 before 16.8.4 and 16.9 before 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.