VYPR
Unrated severity · NVD Advisory · Published May 3, 2023 · Updated Jan 30, 2025

CVE-2023-2182

Description

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

GitLab EE 15.10-15.11.1 with OIDC enabled allows external users to escalate to regular users, bypassing access restrictions.

Vulnerability

An issue in GitLab EE versions 15.10.0 through 15.10.4 and 15.11.0, when OpenID Connect (OIDC) is enabled, causes the authentication flow to incorrectly reassign user roles. Users marked as 'external' are upgraded to 'regular' users, leading to privilege escalation [1].

Exploitation

An attacker with an external user account on an affected GitLab EE instance with OIDC enabled can exploit this by simply logging in via OIDC. No additional privileges or user interaction beyond normal login are required [1].

Impact

Successful exploitation grants the external user regular user privileges, allowing access to internal projects, features, and data that were previously restricted. This violates the intended access control policy [1].

Mitigation

Upgrade to GitLab EE 15.10.5 or 15.11.1, released on 2023-05-03. No workaround is available; disabling OIDC prevents the bug but may not be feasible for all deployments [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

Patches: 0

No patches discovered yet.

Vulnerability mechanics

Root cause

"A regression in the OIDC authentication flow causes the user's admin status to be overwritten to `false` on each login, demoting administrators to regular users."

Attack vector

An attacker who can authenticate via an OpenID Connect provider on a GitLab EE instance (version 15.10.0 through 15.10.4, or 15.11.0) can trigger the bug simply by logging in and out. No special privileges or network position are required beyond the ability to use the configured OIDC provider. Each time the user logs in via OIDC, the authentication code incorrectly resets the user's admin status to `false`, demoting administrators to regular users [1].

Affected code

The issue is a regression from merge request 111904, which introduced a bug in the OIDC authentication flow. The log message `"(OAuth) saving user

What the fix does

The advisory does not include a patch diff, but the fix is described as a regression fix for merge request 111904 [1]. The remediation corrects the OIDC authentication logic so that when saving a user record during login, the existing `admin` flag is preserved rather than being overwritten to `false`. GitLab released versions 15.10.5 and 15.11.1 to address this issue.
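The defect class described above (a login handler that rebuilds the user record from provider claims and so resets locally managed flags) is easier to see in code. The following is an added illustration written for this page; it is not GitLab's code and does not reproduce merge request 111904. `User`, `UserStore` and the two `sync_from_oidc_*` handlers are hypothetical names, and the accounts and claims are constructed. The vulnerable handler demotes an administrator and turns an external user into a regular one on the same sign-in, which covers both the description's "external to regular" wording and the root-cause note's "admin to false" wording.

```ruby
# Added illustration, not GitLab's code: a minimal model of an OAuth/OIDC
# user-sync step, showing the defect class the advisory describes (a login
# handler that rewrites locally managed privilege flags on every sign-in)
# beside a handler that preserves them. All names below are hypothetical.
User = Struct.new(:username, :email, :admin, :external, keyword_init: true)

# In-memory stand-in for the user table.
class UserStore
  def initialize
    @users = {}
  end

  def find(username)
    @users[username]
  end

  def save(user)
    @users[user.username] = user
    user
  end
end

# Vulnerable pattern: a fresh record is built from the provider's claims and
# saved over whatever exists. The provider carries no admin/external flags, so
# both fall back to defaults: an administrator is demoted and an external user
# becomes a regular user.
def sync_from_oidc_vulnerable(store, claims)
  user = User.new(username: claims[:preferred_username],
                  email: claims[:email], admin: false, external: false)
  store.save(user)
end

# Fixed pattern: load the existing record first and update only the attributes
# the identity provider is authoritative for. Flags managed by local
# administrators (admin, external) are left exactly as stored.
def sync_from_oidc_fixed(store, claims)
  user = store.find(claims[:preferred_username]) ||
         User.new(username: claims[:preferred_username], admin: false, external: false)
  user.email = claims[:email]
  store.save(user)
end

# Constructed accounts: one administrator and one external user.
def seeded_store
  store = UserStore.new
  store.save(User.new(username: "alice", email: "alice@example.test", admin: true, external: false))
  store.save(User.new(username: "bob", email: "bob@example.test", admin: false, external: true))
  store
end

# Runs each handler over a fresh seeded store and returns the flags afterwards,
# so the difference between the two patterns is visible as data.
def compare_handlers
  claims = [
    { preferred_username: "alice", email: "alice@example.test" }, # constructed
    { preferred_username: "bob", email: "bob@example.test" },     # constructed
  ]
  handlers = { vulnerable: method(:sync_from_oidc_vulnerable),
               fixed: method(:sync_from_oidc_fixed) }
  handlers.each_with_object({}) do |(name, handler), results|
    store = seeded_store
    claims.each { |c| handler.call(store, c) }
    results[name] = { alice_admin: store.find("alice").admin,
                      bob_external: store.find("bob").external }
  end
end

puts compare_handlers.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file prints the two result hashes; the vulnerable handler reports both flags as `false` after login, the fixed handler keeps `alice` as admin and `bob` as external. The design point is that an identity provider should only ever own the attributes it asserts (here the email); authorization flags assigned locally must be read back from the existing record, never re-derived from a default.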

Preconditions

  • [config] OpenID Connect must be enabled as an OmniAuth provider on the GitLab EE instance
  • [auth] The target user must be an existing administrator who authenticates via OIDC
  • [config] GitLab EE version must be 15.10.0 through 15.10.4, or 15.11.0
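The version ranges in the Mitigation section and the two configuration preconditions above can be turned into a small exposure check. The following is an added example for this page, not code from the advisory or from GitLab: it takes a deployment's version string and its list of enabled OmniAuth providers and reports whether both preconditions hold, plus the minimal upgrade target the advisory names. The affected ranges are taken from the advisory text; `openid_connect` is GitLab's OmniAuth provider name for OIDC. The function names are hypothetical and nothing here reads a live instance.

```ruby
require "rubygems" # for Gem::Version

# Added example, not from the advisory or GitLab: evaluates the advisory's two
# configuration preconditions for CVE-2023-2182 against a version string and
# the list of enabled OmniAuth providers.
AFFECTED_RANGES = [
  # [first affected, first fixed): 15.10.0 through 15.10.4, and 15.11.0 only
  [Gem::Version.new("15.10.0"), Gem::Version.new("15.10.5")],
  [Gem::Version.new("15.11.0"), Gem::Version.new("15.11.1")],
].freeze

# Strips the "-ee" suffix GitLab appends to Enterprise Edition version strings
# so that Gem::Version does not treat it as a prerelease marker.
def parse_gitlab_version(version_string)
  Gem::Version.new(version_string.sub(/-ee\z/, ""))
end

# True when the version lies inside one of the advisory's affected ranges.
def affected_version?(version_string)
  v = parse_gitlab_version(version_string)
  AFFECTED_RANGES.any? { |first, fixed| v >= first && v < fixed }
end

# The advisory's second precondition: OIDC must actually be an enabled
# OmniAuth provider. An affected version without OIDC is not exposed.
def exposed?(version_string, omniauth_providers)
  affected_version?(version_string) &&
    omniauth_providers.map(&:to_s).include?("openid_connect")
end

# First fixed release for an affected version (15.10.5 or 15.11.1), or nil
# when the version is not in an affected range.
def recommended_upgrade(version_string)
  v = parse_gitlab_version(version_string)
  range = AFFECTED_RANGES.find { |first, fixed| v >= first && v < fixed }
  range && range.last.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample deployment values.
  version = "15.10.2-ee"
  providers = %w[saml openid_connect]
  puts "affected version: #{affected_version?(version)}"
  puts "exposed: #{exposed?(version, providers)}"
  puts "upgrade to: #{recommended_upgrade(version) || 'n/a'}"
end
```

The ranges are half-open so that the first fixed release (15.10.5, 15.11.1) is never reported as affected, which is the usual source of off-by-one mistakes when such checks are written by hand against "before X" advisory wording.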

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 2
