CVE-2025-10871
Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Productos afectados
GitLab · GitLab¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →