CVE-2025-10871
Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Produtos afetados
GitLab · GitLabQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →