First published: Wed May 03 2023
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5 and all versions starting from 15.11 before 15.11.1. Under certain conditions, when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users, leading to privilege escalation for those users.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix
---|---|---
GitLab EE | >=15.10.0, <15.10.5 | Update to 15.10.5 or later
GitLab EE | =15.11.0 | Update to 15.11.1 or later
CVE-2023-2182 is a vulnerability in GitLab EE versions 15.10 before 15.10.5 and 15.11 before 15.11.1 that allows users who are marked as 'external' to become 'regular' users.
The severity of CVE-2023-2182 is high with a CVSS score of 8.8.
CVE-2023-2182 affects all versions of GitLab EE starting from 15.10 before 15.10.5 and 15.11 before 15.11.1 when OpenID Connect is enabled, allowing 'external' users to become 'regular' users.
To mitigate the risk of CVE-2023-2182, update GitLab EE to version 15.10.5 or 15.11.1 or later.
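As an added example (not part of the advisory or of GitLab's own tooling), the following Python checks an instance's reported version against the two affected ranges above and reports the first fixed release to upgrade to. It assumes the version string has the `MAJOR.MINOR.PATCH[-suffix]` shape returned by GitLab's `/api/v4/version` endpoint; the sample response is constructed, and whether OIDC is enabled is passed in by the operator rather than discovered.

```python
import json
import re
from typing import Optional, Tuple

# Affected ranges from the advisory (GitLab EE): [first affected, first fixed)
AFFECTED_RANGES = [
    ((15, 10, 0), (15, 10, 5)),
    ((15, 11, 0), (15, 11, 1)),
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' with an optional suffix such as '-ee' or '-rc1'."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release if `version` is in an affected range, else None."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:  # tuple comparison is lexicographic, so this is a semver range check
            return ".".join(str(n) for n in hi)
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def assess_instance(version_json: str, oidc_enabled: bool) -> dict:
    """Combine the version check with the OIDC precondition stated in the advisory."""
    info = json.loads(version_json)
    version = info["version"]
    fix = fixed_version_for(version)
    return {
        "version": version,
        "vulnerable_version": fix is not None,
        "exposed": fix is not None and oidc_enabled,  # both conditions must hold
        "upgrade_to": fix,
    }


# Constructed sample in the shape of a GET /api/v4/version response (not a real instance)
SAMPLE_VERSION_RESPONSE = '{"version": "15.10.3-ee", "revision": "placeholder"}'

if __name__ == "__main__":
    print(assess_instance(SAMPLE_VERSION_RESPONSE, oidc_enabled=True))
```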
You can find more information about CVE-2023-2182 on the GitLab issue tracker and the GitLab CVE database.