Arbitrary Project Addition Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

CVE-2017-11438 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
