An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gitlab | Gitlab | * | * |
Gitlab | Gitlab | * | * |
Gitlab | Gitlab | 15.8.0 | * |
Gitlab | Gitlab | 15.8.0 | * |
Gitlab | Gitlab | 15.9.0 | * |
Gitlab | Gitlab | 15.9.0 | * |