An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.
2025-07-10T09:15:30.180
2025-07-25T16:40:29.440
Analyzed
CVSSv3.1: 2.7 (LOW)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gitlab | gitlab | < 18.0.4 | Yes |
Application | gitlab | gitlab | < 18.1.2 | Yes |