GitLab CE/EE Improper Access Control Vulnerability Allowing Privilege Escalation for Downgraded Admins

Vulnerability

A vulnerability allowing improper access control has been identified in GitLab CE/EE. This issue affects all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1. The vulnerability allows users who were previously instance admins but have been downgraded to regular users to retain elevated privileges over groups and projects.

Impact

Exploitation of this vulnerability allows downgraded instance admins to maintain unauthorized elevated privileges, potentially leading to unauthorized access or modifications within groups and projects.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab CE/EE Improper Access Control Vulnerability Allowing Privilege Escalation for Downgraded Admins

Vulnerability

Impact

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating