First published: Wed Feb 21 2024(Updated: )
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=16.5.0<16.7.6 | |
GitLab GitLab | >=16.8.0<=16.8.3 | |
GitLab GitLab | =16.9.0 |
Upgrade to versions 16.9.1, 16.8.3, 16.7.6 or above.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.