CVE-2023-2485: 2023/CVE-2023-2485.json · master · GitLab.org / cves · GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, and all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of.


  • Publishing 0 updated advisories and 2 new advisories · 00b92a13

    🤖 GitLab Bot 🤖 authored Jun 06, 2023

