CVE-2023-6396: Members with admin_group_member custom permission can add members with higher role
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.5.3 and all versions starting from 16.6 before 16.6.1. When a user is assigned a custom role with admin_group_member enabled, they may be able to add a member with a higher static role than themselves to the group, which may lead to privilege escalation.
Frequently Asked Questions
What is the severity of CVE-2023-6396?
CVE-2023-6396 is considered a moderate severity vulnerability because it allows a user holding a custom role to escalate privileges within a group.
How do I fix CVE-2023-6396?
To fix CVE-2023-6396, update your GitLab EE installation to version 16.5.3 or 16.6.1 or later.
Which GitLab versions are affected by CVE-2023-6396?
CVE-2023-6396 affects GitLab EE versions from 16.5 up to 16.5.2 and from 16.6 up to 16.6.0.
What types of roles are involved in CVE-2023-6396?
CVE-2023-6396 involves custom roles with the 'admin_group_member' permission enabled, which could allow the holder to assign a higher static role than their own.
Is CVE-2023-6396 exploitable remotely?
Yes, CVE-2023-6396 can be exploited by an authenticated user with a custom role who has access to the member management feature.
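The following is an added illustrative model of the authorization logic behind this issue, not GitLab's own code: it contrasts a check that trusts the custom permission alone with one that also caps the granted role at the actor's own static role, and adds an audit helper a group owner could run over a constructed member list to spot grants that exceeded the granting user's role. The access-level numbers match GitLab's documented static roles; the member records, names and helper functions are constructed for the example.

```python
# Illustrative model of the membership check behind CVE-2023-6396.
# Added example, not GitLab code. Access levels follow GitLab's static roles;
# everything else (Member, the records below) is a simplification.

GUEST, REPORTER, DEVELOPER, MAINTAINER, OWNER = 10, 20, 30, 40, 50
ROLE_NAME = {10: "Guest", 20: "Reporter", 30: "Developer",
             40: "Maintainer", 50: "Owner"}


class Member:
    def __init__(self, name, access_level, custom_permissions=()):
        self.name = name
        self.access_level = access_level              # static (base) role
        self.custom_permissions = set(custom_permissions)


def can_add_member_vulnerable(actor, requested_level):
    """Pre-fix behaviour: the custom permission alone authorises the action,
    so a Guest-based custom role could add a member as Owner."""
    return "admin_group_member" in actor.custom_permissions


def can_add_member_fixed(actor, requested_level):
    """Fixed behaviour: the custom permission is required, and the granted
    static role may never exceed the actor's own static role."""
    if "admin_group_member" not in actor.custom_permissions:
        return False
    return requested_level <= actor.access_level


def audit_memberships(records):
    """Defender-side review: flag members whose static role is higher than
    the static role of the user who added them. `records` is a list of
    (member_name, member_level, added_by_name, added_by_level) tuples."""
    findings = []
    for member, level, by, by_level in records:
        if level > by_level:
            findings.append(
                f"{member} is {ROLE_NAME[level]} but was added by {by} "
                f"({ROLE_NAME[by_level]})")
    return findings


# Constructed sample: a Guest holding a custom role with admin_group_member.
guest_with_custom_role = Member("alice", GUEST, ["admin_group_member"])

# Constructed membership log as an audit might export it.
SAMPLE_RECORDS = [
    ("bob", DEVELOPER, "owner-carol", OWNER),          # fine
    ("mallory", OWNER, "alice", GUEST),                # escalation
    ("dave", GUEST, "alice", GUEST),                   # fine
]
```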