A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.
Weakness
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gitlab | Gitlab | 16.6.0 (including) | 18.2.7 (excluding) |
| Gitlab | Gitlab | 18.3.0 (including) | 18.3.3 (excluding) |
| Gitlab | Gitlab | 18.4.0 (including) | 18.4.0 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/58.html
- https://cwe.mitre.org/data/definitions/634.html
- https://cwe.mitre.org/data/definitions/637.html
- https://cwe.mitre.org/data/definitions/643.html
- https://cwe.mitre.org/data/definitions/648.html