GitLab EE Group Memberships Business Logic Error Vulnerability

Vulnerability

A business logic error vulnerability has been identified in GitLab Enterprise Edition (EE) versions 18.4 prior to 18.4.3 and 18.5 prior to 18.5.1. Under certain conditions, this vulnerability could have allowed authenticated users to gain unauthorized access to projects by exploiting the access request approval workflow.

Impact

Exploitation of this vulnerability could have led to unauthorized project access for authenticated users.

Remediation

GitLab has released patch versions 18.5.1, 18.4.3, and 18.3.5. It is strongly recommended that all self-managed GitLab installations be upgraded to one of these versions immediately.
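The following script is an added example for checking an instance against the version ranges stated in this advisory; it is not part of the advisory or of GitLab's own tooling. It encodes only what the page states (18.4 prior to 18.4.3 and 18.5 prior to 18.5.1 are affected), compares a parsed version tuple branch-by-branch rather than as a string, and tolerates the "-ee" suffix GitLab appends to Enterprise Edition version strings. The sample API response embedded at the bottom is constructed for offline use; in practice the value would come from an authenticated call to the real `GET /api/v4/version` endpoint.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected branches as stated in the advisory, mapped to the first fixed patch release.
# The advisory also lists 18.3.5 as a released patch but does not name 18.3 as affected,
# so 18.3 is deliberately not included here.
FIXED_IN: Dict[Tuple[int, int], Version] = {
    (18, 4): (18, 4, 3),
    (18, 5): (18, 5, 1),
}

# Accepts "18.4.2", "18.4.2-ee", "18.4.2-ce" and similar; only MAJOR.MINOR.PATCH is used.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse a GitLab version string into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version falls inside an affected range named by the advisory."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        # Branch not listed as affected by this advisory (e.g. 18.3.x or 18.6.x).
        return False
    # Tuple comparison is numeric, so 18.4.10 correctly sorts above 18.4.3.
    return (major, minor, patch) < fixed


def recommended_upgrade(version: str) -> Optional[str]:
    """Minimum patch release on the same branch that closes the issue, or None."""
    if not is_affected(version):
        return None
    major, minor, _ = parse_version(version)
    return ".".join(str(x) for x in FIXED_IN[(major, minor)])


def assess(api_response: Dict[str, str]) -> str:
    """Turn a /api/v4/version-style response into a one-line assessment."""
    version = api_response["version"]
    target = recommended_upgrade(version)
    if target is None:
        return f"{version}: not in an affected range for this advisory"
    return f"{version}: AFFECTED, upgrade to at least {target}"


# Constructed sample response, shaped like GitLab's /api/v4/version output (not real data).
SAMPLE_VERSION_RESPONSE = {"version": "18.4.2-ee", "revision": "0000000"}

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_RESPONSE))
```

Because the comparison is done per branch, a patched 18.4.3 instance is not flagged merely for being "older" than 18.5.0; that distinction matters when several supported branches receive fixes at the same time.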

Added: Oct 27, 2025, 12:17 AM
Updated: Oct 27, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm
  spread          7.3
  impact          5.0
  exploitability  5.2
  remediation     7.7
  relevance       0.8
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.