GitLab CE/EE Elevated Project Privileges Vulnerability

Vulnerability

A vulnerability exists in GitLab CE/EE versions 17.3 prior to 17.11.5, 18.0 prior to 18.0.3, and 18.1 prior to 18.1.1. This issue could have allowed authenticated users to gain elevated project privileges. The vulnerability arises from role modifications during the approval process, which unintentionally granted additional permissions to users who requested access to certain projects.

Impact

Exploitation of this vulnerability could lead to unauthorized elevation of project privileges for authenticated users.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

5.0

exploitability

4.8

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

5.0

exploitability

4.8

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab CE/EE Elevated Project Privileges Vulnerability

Vulnerability

Impact

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating