CVE-2017-11438
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
02/08/2017
Last modified:
20/04/2025
Description
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gitlab:gitlab:9.0.0:*:*:*:community:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.0:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.1:*:*:*:community:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.1:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.2:*:*:*:community:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.2:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.3:*:*:*:community:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.3:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.4:*:*:*:community:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.4:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.5:*:*:*:community:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.5:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.6:*:*:*:community:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.6:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:gitlab:gitlab:9.0.7:*:*:*:community:*:*:* |
To consult the complete list of CPE names with products and versions, see this page