An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/403012 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 May 2023, 20:47
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab
Gitlab gitlab |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:gitlab:gitlab:15.11.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json - Vendor Advisory | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/403012 - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
03 May 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-03 22:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-2182
Mitre link : CVE-2023-2182
CVE.ORG link : CVE-2023-2182
JSON object : View
Products Affected
gitlab
- gitlab
CWE