CVE-2017-11438
MEDIUMGitLab CE and EE < 9.0.11, 9.1.8, 9.2.8 - Authenticated Privilege Escalation via Group Creation
Title source: llmDescription
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
Scores
CVSS v3
6.3
EPSS
0.0012
EPSS Percentile
30.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-269
Status
published
Products (25)
gitlab/gitlab
9.0.0 (2 CPE variants)
gitlab/gitlab
9.0.1 (2 CPE variants)
gitlab/gitlab
9.0.2 (2 CPE variants)
gitlab/gitlab
9.0.3 (2 CPE variants)
gitlab/gitlab
9.0.4 (2 CPE variants)
gitlab/gitlab
9.0.5 (2 CPE variants)
gitlab/gitlab
9.0.6 (2 CPE variants)
gitlab/gitlab
9.0.7 (2 CPE variants)
gitlab/gitlab
9.0.8 (2 CPE variants)
gitlab/gitlab
9.0.9 (2 CPE variants)
... and 15 more
Published
Aug 02, 2017
Tracked Since
Feb 18, 2026