CVE-2023-3907
- Source
- https://cve.org/CVERecord?id=CVE-2023-3907
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3907.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-3907
- Aliases
- Downstream
- Published
- 2023-12-17T23:02:36.694Z
- Modified
- 2025-12-05T00:51:26.880828Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Improper User Management in GitLab
- Details
-
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3907.json", "cna_assigner": "GitLab", "cwe_ids": [ "CWE-286" ] }- References