How severe is CVE-2023-3915?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-3915?

This is classified as CWE-279, which is a common weakness in software security.

CVE-2023-3915 - HIGH Severity | CVSS 7.2

Vulnerability Description

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects.

Related Vulnerabilities

CVE-2023-50914

MEDIUM

CVSS:6.7(Medium)

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directorie...

CWE-2792023

CVE-2024-37025

MEDIUM

CVSS:6.7(Medium)

Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalat...

CWE-2792024

CVE-2023-4383

HIGH

CVSS:7.8(High)

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect exe...

CWE-2792023

CVE-2024-11220

HIGH

CVSS:7.8(High)

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file o...

CWE-2792024

CVE-2025-22843

HIGH

CVSS:7.8(High)

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local a...

CWE-2792025

CVE-2023-4665

HIGH

CVSS:8.8(High)

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.

CWE-2792023