CVE-2025-2242

An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/516271

Configurations

No configuration.

History

27 Mar 2025, 16:45

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de control de acceso inadecuado en GitLab CE/EE que afecta a todas las versiones desde la 17.4 anterior a la 17.8.6, la 17.9 anterior a la 17.9.3 y la 17.10 anterior a la 17.10.1 permite que un usuario que antes era administrador de instancia, pero que desde entonces ha sido degradado a usuario normal, continúe manteniendo privilegios elevados en grupos y proyectos.

27 Mar 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 13:15

Updated : 2025-03-27 16:45

NVD link : CVE-2025-2242

Mitre link : CVE-2025-2242

CVE.ORG link : CVE-2025-2242

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

7.5 /10