A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner.
Fixes

Solution

Upgrade to version 16.4.4, 16.5.4 or 16.6.2, or later.
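The following triage helper is an added example, not code from GitLab or from this advisory. It encodes the three affected ranges stated in the description as half-open intervals [first affected, first fixed) and evaluates any GitLab version string against them, so it also answers correctly for branches the description does not list by name (15.x and 16.7+ fall outside every range). It also scans a project access token listing for tokens carrying Owner access, which is what the bug let a Maintainer obtain; after patching, those are the tokens worth reviewing. Assumptions: GitLab's /api/v4/version and /projects/:id/access_tokens endpoints with their `version` and `access_level` fields, GitLab's numeric role value 50 for Owner, and the sample token JSON, which is constructed for the example.

```python
"""Triage helpers for CVE-2023-3907 (GitLab EE, Maintainer -> Owner via a
project access token).

Added example, not GitLab's code and not from the advisory. Assumptions:
  - the affected ranges exactly as stated in the advisory description;
  - GitLab's GET /api/v4/version ({"version": "16.4.3-ee", ...}) and
    GET /api/v4/projects/:id/access_tokens, whose `access_level` field uses
    GitLab's numeric roles (40 = Maintainer, 50 = Owner);
  - SAMPLE_TOKENS below is constructed for this example.
"""
import json
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# [first affected, first fixed) per release branch, from the description.
AFFECTED_RANGES = [
    ((16, 0, 0), (16, 4, 4)),
    ((16, 5, 0), (16, 5, 4)),
    ((16, 6, 0), (16, 6, 2)),
]

OWNER_ACCESS_LEVEL = 50  # GitLab numeric role for Owner (assumption noted above)


def parse_version(text: str) -> Optional[Version]:
    """Extract MAJOR.MINOR.PATCH from strings such as '16.4.3-ee' or
    'v16.5.0-pre'; returns None when no version triplet is present."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True when the version lies inside any affected range.
    Unparseable input is reported as affected so a bad answer fails safe."""
    v = parse_version(text)
    if v is None:
        return True
    return any(lo <= v < fixed for lo, fixed in AFFECTED_RANGES)


def owner_level_tokens(tokens_json: str) -> List[str]:
    """Names of live (not revoked, active) project access tokens that carry
    Owner access. These are the tokens to review on a previously exposed
    instance, since the bug let a Maintainer reach Owner through one."""
    found = []
    for tok in json.loads(tokens_json):
        if tok.get("revoked") or not tok.get("active", True):
            continue
        if tok.get("access_level", 0) >= OWNER_ACCESS_LEVEL:
            found.append(tok["name"])
    return found


def check_live_instance(base_url: str, api_token: str) -> bool:
    """Ask a real instance for its version and evaluate it (needs a token
    that can read the API). Not exercised offline."""
    import urllib.request
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": api_token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        data = json.load(resp)
    return is_affected(data["version"])


# Constructed sample of a /projects/:id/access_tokens response.
SAMPLE_TOKENS = json.dumps([
    {"id": 1, "name": "ci-deploy", "revoked": False, "active": True,
     "access_level": 40, "scopes": ["read_repository"]},
    {"id": 2, "name": "release-bot", "revoked": False, "active": True,
     "access_level": 50, "scopes": ["api"]},
    {"id": 3, "name": "old-admin", "revoked": True, "active": False,
     "access_level": 50, "scopes": ["api"]},
])

if __name__ == "__main__":
    for v in ("16.3.5-ee", "16.4.4-ee", "16.5.3", "16.6.2", "16.7.0", "15.11.13"):
        print(f"{v:12s} affected={is_affected(v)}")
    print("owner-level tokens to review:", owner_level_tokens(SAMPLE_TOKENS))
```

The version check is deliberately conservative: a string it cannot parse is reported as affected rather than silently passing, and a pre-release such as 16.5.0-pre compares as 16.5.0, which is inside the affected range for that branch.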


Workaround

No workaround given by the vendor.

History

Tue, 08 Oct 2024 19:30:00 +0000
    Weaknesses: removed CWE-269, added NVD-CWE-Other

Thu, 03 Oct 2024 06:30:00 +0000
    Title: removed "Improper Privilege Management in GitLab", added "Improper User Management in GitLab"
    Weaknesses: CWE-286

Thu, 19 Sep 2024 02:30:00 +0000
    Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 29 Aug 2024 15:15:00 +0000
    CPEs: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2025-05-22T04:07:03.532Z

Reserved: 2023-07-25T10:30:28.613Z

Link: CVE-2023-3907

Vulnrichment

Updated: 2024-08-02T07:08:50.859Z

NVD

Status : Analyzed

Published: 2023-12-17T23:15:43.937

Modified: 2025-05-05T14:14:48.773

Link: CVE-2023-3907

Redhat

No data.

OpenCVE Enrichment

No data.