GitLab EE Compliance Framework Assignment Vulnerability

Vulnerability

A vulnerability exists in GitLab EE versions 16.10 prior to 17.11.5, 18.0 prior to 18.0.3, and 18.1 prior to 18.1.1. This issue could have allowed authenticated users to improperly assign compliance frameworks to projects. The vulnerability arose from the ability to send manipulated GraphQL mutations that circumvented permission checks specific to the frameworks.

Impact

Exploitation of this vulnerability could lead to improper assignment of compliance frameworks, allowing users to assign unrelated frameworks to projects without the necessary permissions.

Added: Jun 26, 2025, 6:23 AM

Updated: Jun 26, 2025, 6:23 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab EE Compliance Framework Assignment Vulnerability

Vulnerability

Impact

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating