CVE-2017-11438

MEDIUM

Gitlab - Improper Privilege Management

Title source: rule

Description

GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.

References (1)

[Release Notes, Vendor Advisory] https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/

Scores

CVSS v3 6.3

EPSS 0.0012

EPSS Percentile 30.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-269

Status published

Products (50)

gitlab/gitlab

... and 40 more

Published Aug 02, 2017

Tracked Since Feb 18, 2026