4 matches found
foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...
CVE-2025-7691
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...
CVE-2025-7691 Privilege Defined With Unsafe Actions in GitLab
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...
PT-2025-39627
Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.6 through 18.2.6 GitLab EE versions 18.3 through 18.3.2 GitLab EE versions 18.4 through 18.4.0 Description A privilege escalation issue exists in GitLab EE. A developer possessing specific group management permissions may...