CVE-2023-2182

Published: May 3, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.

Affected (2)

Products: Gitlab: Gitlab

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 15.10.0 to 15.10.5
Gitlab Gitlab	Version 15.11.0

References (4)

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/403012

Source: cve@gitlab.com

ExploitVendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/403012

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.