CVE-2025-2938

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-2938

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2938.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-2938

Aliases

BIT-gitlab-2025-2938

Related

UBUNTU-CVE-2025-2938

Published

2025-06-26T06:15:22Z

Modified

2025-06-30T15:57:13.629871Z

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

5aad128b1defa01641e69fdcd5a2ec16bd1d4c2c

Fixed

946e44702b94b9e7ffd1e2b0562c307690b34249