CVE-2026-6552
GitLab · GitLab EE
An improper authorization flaw in Group SAML identity management allows authenticated group owners to perform account takeovers of other group members.
Executive summary
A critical authorization vulnerability in GitLab EE has been observed in the wild, allowing authenticated group owners to compromise the accounts of other group members.
Vulnerability
The vulnerability stems from an improper authorization flaw within the Group SAML identity management functionality. It allows an authenticated user with a group Owner role to manipulate identity associations, enabling the takeover of another group member's account.
Business impact
With a CVSS score of 8.7, this flaw poses a severe risk to organizational identity and access management. Because this vulnerability has been confirmed as exploited in the wild, the threat to business continuity and data integrity is immediate, potentially allowing attackers to bypass standard authentication controls and gain unauthorized access to proprietary intellectual property.
Remediation
Immediate Action: Patch all affected GitLab EE installations without delay to version 19.0.2, 18.11.5, or 18.10.8, whichever fixed release matches the installed branch.
Proactive Monitoring: Monitor SAML authentication logs and group membership changes for suspicious modifications or unauthorized identity linking activities.
Compensating Controls: Restrict "Owner" role permissions to a minimal set of trusted administrators until the patch is successfully applied to reduce the attack surface.
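An added worked example to support the patch and monitoring steps above; it is not part of the advisory and not GitLab's own tooling. It classifies a reported GitLab EE version against the three fixed releases named here, and it triages audit events to surface cases where one account altered another group member's SAML identity. The audit-event shape (entity_type, details.author_name, details.custom_message, details.target_details) is an assumption modelled on GitLab's audit events API, the message wording is invented, and every sample event is constructed for this example.

```python
import re

# Fixed releases named in the advisory, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (19, 0): (19, 0, 2),
    (18, 11): (18, 11, 5),
    (18, 10): (18, 10, 8),
}


def parse_version(text):
    """Parse 'X.Y.Z' (a trailing '-ee' suffix, as GitLab reports it, is ignored)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def patch_status(version_text):
    """Classify an installed version against the fixed releases in this advisory.

    Returns 'patched' or 'vulnerable' for a branch the advisory covers, and
    'newer-than-advisory' / 'older-than-advisory' for branches it does not name,
    so the operator knows the script could not decide from this advisory alone.
    """
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        return "patched" if v >= FIXED_VERSIONS[branch] else "vulnerable"
    if branch > max(FIXED_VERSIONS):
        return "newer-than-advisory"
    if branch < min(FIXED_VERSIONS):
        return "older-than-advisory"
    return "unknown-branch"


# Constructed sample audit events (assumed shape, invented messages and names).
SAMPLE_AUDIT_EVENTS = [
    {"id": 101, "entity_type": "Group", "created_at": "2026-05-02T09:14:00Z",
     "details": {"author_name": "owner.alice", "custom_message": "Added new member",
                 "target_details": "dev.bob", "ip_address": "10.0.0.5"}},
    {"id": 102, "entity_type": "Group", "created_at": "2026-05-02T09:20:00Z",
     "details": {"author_name": "owner.alice",
                 "custom_message": "Changed SAML identity of member",
                 "target_details": "dev.bob", "ip_address": "10.0.0.5"}},
    {"id": 103, "entity_type": "User", "created_at": "2026-05-02T10:00:00Z",
     "details": {"author_name": "dev.bob", "custom_message": "Linked SAML identity",
                 "target_details": "dev.bob", "ip_address": "10.0.0.9"}},
]

# Keywords that mark an identity-related change in the (assumed) message text.
IDENTITY_PATTERN = re.compile(r"saml|identity|extern_?uid", re.IGNORECASE)


def suspicious_identity_changes(events):
    """Return ids of group-scoped events where one account changed another's SAML identity.

    A user linking their own identity through the normal SAML sign-in flow
    (author equals target) is expected and is not flagged.
    """
    flagged = []
    for ev in events:
        if ev.get("entity_type") != "Group":
            continue
        d = ev.get("details", {})
        if not IDENTITY_PATTERN.search(d.get("custom_message", "")):
            continue
        author, target = d.get("author_name"), d.get("target_details")
        if author and author == target:
            continue
        flagged.append(ev["id"])
    return flagged


def triage_report(version_text, events):
    """Combine both checks into one dict an operator can act on."""
    return {
        "version": version_text,
        "patch_status": patch_status(version_text),
        "suspicious_event_ids": suspicious_identity_changes(events),
    }


if __name__ == "__main__":
    # Constructed example run: an unpatched 18.10 instance with one suspicious event.
    print(triage_report("18.10.7-ee", SAMPLE_AUDIT_EVENTS))
```

Run the script with the version string your instance reports and a dump of the group's audit events substituted for the constructed list; any flagged id is an event to review by hand, since the keyword match is deliberately broad and real message wording will differ from the invented samples.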
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents an active and critical threat to your environment. Administrators should verify if any unauthorized SAML identity modifications have occurred in their audit logs and apply the recommended security updates without delay to prevent further exploitation.