CVE-2025-2938
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-08-12
Assigner: GitLab Inc.
Description
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 17.3.0 (inc) to 17.11.5 (exc) |
| gitlab | gitlab | From 17.3.0 (inc) to 17.11.5 (exc) |
| gitlab | gitlab | From 18.0.0 (inc) to 18.0.3 (exc) |
| gitlab | gitlab | From 18.0.0 (inc) to 18.0.3 (exc) |
| gitlab | gitlab | 18.1.0 |
| gitlab | gitlab | 18.1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
| CWE-840 | Business Logic Errors |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE allows authenticated users to gain elevated project privileges by exploiting a flaw where role modifications during the project access approval process unintentionally grant higher permissions than intended.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized privilege escalation within projects, allowing users to perform actions beyond their intended access level, potentially compromising project integrity and security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70