GitLab contains a missing authorization check that allows an authenticated user who has membership in a project to enumerate the private members of any group. The flaw does not grant code execution or modification privileges, but it does expose confidential membership information that could be used to map organizational structures, identify sensitive accounts, or support phishing and social engineering campaigns. The potential impact is primarily an unauthorized information disclosure rather than a direct disruption or compromise of system integrity.

The vulnerability applies to GitLab Community Edition and Enterprise Edition from version 15.1 up to and excluding 18.9.7, from 18.10 up to excluding 18.10.6, and from 18.11 up to excluding 18.11.3. All earlier 18.x releases below the specified patch thresholds are also affected. This includes every installation of GitLab CE/EE that has not been updated to at least 18.9.7, 18.10.6, or 18.11.3.

The CVSS score of 4.3 indicates moderate severity, and the EPSS score is not available, so an estimate of exploitation likelihood cannot be made from publicly available data. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation at the time of this analysis. An attacker would need to be an authenticated user with membership in a project – a condition that can be engineered by a compromised or misconfigured account. Once the flaw is utilized, the attacker can view private group membership lists, which may be leveraged for further targeting. The risk is therefore moderate, and remediation should occur promptly to avoid potential insider threats.