Impact
GitLab Enterprise Edition contains a flaw in its Group SAML identity management that can allow an authenticated user with group Owner privileges to assume the identity of another group member, effectively taking over that account. The weakness is classified as CWE‑639 (authorization bypass through a user‑controlled key): the authorization check is invalid, so a key supplied by the user is accepted without verifying that the user is entitled to act on the record it names. An attacker who can log into the platform and holds group Owner status could exploit the flaw without needing any additional credentials.
Affected Systems
The vulnerability affects GitLab EE for all releases from version 15.5 through 18.10.7, 18.11.0 through 18.11.4, and 19.0.0 through 19.0.1. Any instance in which Group SAML authentication is enabled and a group includes an Owner role is susceptible. The fix is available in GitLab EE 18.10.8, 18.11.5, 19.0.2 and later.
Risk and Exploitability
With a CVSS base score of 8.7, the flaw is rated high severity. No EPSS score is provided, so the current probability of exploitation is uncertain, and it is not listed in the CISA KEV catalog. The attack requires authenticated access to GitLab with a group Owner role and a group that uses the Group SAML feature; it does not depend on network exposure or on any privilege beyond the Owner role. An attacker could therefore covertly compromise group members’ accounts, potentially gaining broader access to repository data, issues, or project infrastructure. Remediation is strongly recommended because of the potential for widespread account takeover.
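To turn the version ranges in Affected Systems into a remediation check, the following script maps a GitLab EE version string onto the advisory's three affected ranges and reports the fixed release an instance should move to. It is an added example written for this page, not OpenCVE or GitLab code; the hostnames and versions in the sample inventory are constructed, and the only inputs it understands are plain version strings such as those returned by a GitLab instance's own version display. It does not confirm that Group SAML is enabled on the instance, so a "not affected" result from the version alone should be read together with that condition.

```python
"""Check whether a GitLab EE version falls inside the affected ranges
named in the advisory above.  Added example; not OpenCVE or GitLab code."""

from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges and the fixed release for each, as stated in the
# advisory: 15.5-18.10.7 -> 18.10.8, 18.11.0-18.11.4 -> 18.11.5,
# 19.0.0-19.0.1 -> 19.0.2.
AFFECTED_RANGES = [
    ((15, 5, 0), (18, 10, 7), (18, 10, 8)),
    ((18, 11, 0), (18, 11, 4), (18, 11, 5)),
    ((19, 0, 0), (19, 0, 1), (19, 0, 2)),
]


def parse_version(text: str) -> Version:
    """Turn strings like '18.10.7-ee', 'v19.0.1' or '15.5' into (major, minor, patch)."""
    core = text.strip().lstrip("v").split("-")[0]  # drop an edition suffix such as -ee
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts[:3]]  # ignore any fourth component
    nums += [0] * (3 - len(nums))       # pad '15.5' to (15, 5, 0)
    return nums[0], nums[1], nums[2]


def fixed_version_for(version: str) -> Optional[str]:
    """Return the fixed release to upgrade to if `version` is affected, else None."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return ".".join(str(n) for n in fixed)
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def triage(inventory: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each instance name to the fixed release it needs (None when not affected)."""
    return {name: fixed_version_for(ver) for name, ver in inventory.items()}


# Constructed sample inventory: hypothetical hostnames and versions.
SAMPLE_INVENTORY = {
    "git-prod.example.internal": "18.10.7-ee",     # last affected release of its branch
    "git-staging.example.internal": "18.11.5-ee",  # already on the fixed release
    "git-legacy.example.internal": "16.3.2-ee",    # deep inside the first range
    "git-new.example.internal": "19.0.2-ee",       # fixed release of the 19.0 branch
}

if __name__ == "__main__":
    for name, fix in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {'upgrade to ' + fix if fix else 'not affected'}")
```

Versions are compared as integer tuples rather than strings, which is what makes 18.10.7 sort below 18.11.0 and 19.0.1 below 19.0.2; a naive string comparison would misplace some of these boundaries. Releases above 19.0.1 and below 15.5 fall outside every range and are reported as not affected.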
OpenCVE Enrichment