CVE-2023-2182
Published May 3, 2023
Last updated 2 years ago
Overview
- Description
- An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A3B26FC-86C2-400D-8025-C4C6E2949549",
"versionEndExcluding": "15.10.5",
"versionStartIncluding": "15.10.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:15.11.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49CD6C7F-81E5-422B-B29C-0C63B8FDF431"
}
],
"operator": "OR"
}
]
}
]