Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants.

Related CPE's

a

gitlab

gitlab

6

References

https://gitlab.com/gitlab-org/gitlab/-/issues/529006

Broken Link

https://hackerone.com/reports/3063091

Permissions Required

Weaknesses

[email protected]

Secondary
CWE-840

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

3.1 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-06-26T06:15:22.980

5 months ago

Last modified

2025-08-12T14:42:33.660

4 months ago