N/A

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

N/A

GitLab 权限许可和访问控制问题漏洞

GitLab是美国GitLab公司的一款使用Ruby on Rails开发的、自托管的、Git（版本控制系统）项目仓库应用程序。该程序可用于查阅项目的文件内容、提交历史、Bug列表等。 GitLab 存在权限许可和访问控制问题漏洞，该漏洞源于具有“外部”状态的用户帐户在 GitLab 实例上允许“项目令牌”的任何项目上被授予“维护者”角色，可以将其权限提升为“内部”并访问内部项目。

N/A

N/A