CVE-2023-3907

Summary

A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab16.0 < 16.4.4affected
GitLabGitLab16.5 < 16.5.4affected
GitLabGitLab16.6 < 16.6.2affected

Weaknesses

  • CWE-286: CWE-286: Incorrect User Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References