Privilege escalation vulnerability in GitLab EE - CVE-2023-2182 (dpkg)
ID: oval:org.secpod.oval:def:89786 | Date: (C)2023-05-12 (M)2023-11-10 | Class: VULNERABILITY | Family: unix
The host is installed with GitLab EE 15.10 before 15.10.5 or 15.11 before 15.11.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in OpenID Connect. Successful exploitation allows users who are marked as 'external' to become 'regular' users, leading to privilege escalation for those users.