Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2025-2684
Vulnerability from csaf_certbund - Published: 2025-11-26 23:00 - Updated: 2025-11-26 23:00Summary
GitLab: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
GitLab ist eine Webanwendung zur Versionsverwaltung für Softwareprojekte auf Basis von git.
Angriff
Ein Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Benutzerrechte zu erlangen, einen Denial of Service herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "GitLab ist eine Webanwendung zur Versionsverwaltung f\u00fcr Softwareprojekte auf Basis von git.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Benutzerrechte zu erlangen, einen Denial of Service herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2684 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2684.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2684 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2684"
},
{
"category": "external",
"summary": "GitLab Patch Release: 18.6.1, 18.5.3, 18.4.5 vom 2025-11-26",
"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
}
],
"source_lang": "en-US",
"title": "GitLab: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-26T23:00:00.000+00:00",
"generator": {
"date": "2025-11-27T08:57:10.395+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2684",
"initial_release_date": "2025-11-26T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-26T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.6.1",
"product": {
"name": "Open Source GitLab \u003c18.6.1",
"product_id": "T048912"
}
},
{
"category": "product_version",
"name": "18.6.1",
"product": {
"name": "Open Source GitLab 18.6.1",
"product_id": "T048912-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.6.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.5.3",
"product": {
"name": "Open Source GitLab \u003c18.5.3",
"product_id": "T048913"
}
},
{
"category": "product_version",
"name": "18.5.3",
"product": {
"name": "Open Source GitLab 18.5.3",
"product_id": "T048913-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.5.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.4.5",
"product": {
"name": "Open Source GitLab \u003c18.4.5",
"product_id": "T048914"
}
},
{
"category": "product_version",
"name": "18.4.5",
"product": {
"name": "Open Source GitLab 18.4.5",
"product_id": "T048914-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.4.5"
}
}
}
],
"category": "product_name",
"name": "GitLab"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-9183",
"product_status": {
"known_affected": [
"T048913",
"T048912",
"T048914"
]
},
"release_date": "2025-11-26T23:00:00.000+00:00",
"title": "CVE-2024-9183"
},
{
"cve": "CVE-2025-12571",
"product_status": {
"known_affected": [
"T048913",
"T048912",
"T048914"
]
},
"release_date": "2025-11-26T23:00:00.000+00:00",
"title": "CVE-2025-12571"
},
{
"cve": "CVE-2025-12653",
"product_status": {
"known_affected": [
"T048913",
"T048912",
"T048914"
]
},
"release_date": "2025-11-26T23:00:00.000+00:00",
"title": "CVE-2025-12653"
},
{
"cve": "CVE-2025-7449",
"product_status": {
"known_affected": [
"T048913",
"T048912",
"T048914"
]
},
"release_date": "2025-11-26T23:00:00.000+00:00",
"title": "CVE-2025-7449"
},
{
"cve": "CVE-2025-6195",
"product_status": {
"known_affected": [
"T048913",
"T048912",
"T048914"
]
},
"release_date": "2025-11-26T23:00:00.000+00:00",
"title": "CVE-2025-6195"
},
{
"cve": "CVE-2025-13611",
"product_status": {
"known_affected": [
"T048913",
"T048912",
"T048914"
]
},
"release_date": "2025-11-26T23:00:00.000+00:00",
"title": "CVE-2025-13611"
}
]
}
CVE-2025-12653 (GCVE-0-2025-12653)
Vulnerability from cvelistv5 – Published: 2025-11-26 19:46 – Updated: 2025-12-10 23:01
VLAI?
EPSS
Title
Authentication Bypass by Spoofing in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests.
Severity ?
6.5 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T14:41:33.855824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:35:10.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.4.5",
"status": "affected",
"version": "18.3",
"versionType": "semver"
},
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5",
"versionType": "semver"
},
{
"lessThan": "18.6.1",
"status": "affected",
"version": "18.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T23:01:24.241Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Security Release Blog Post",
"tags": [
"vendor-advisory"
],
"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
},
{
"name": "GitLab Issue #579372",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579372"
},
{
"name": "HackerOne Bug Bounty Report #3370245",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3370245"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.4.5, 18.5.3, 18.6.1 or above."
}
],
"title": "Authentication Bypass by Spoofing in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-12653",
"datePublished": "2025-11-26T19:46:12.641Z",
"dateReserved": "2025-11-03T20:33:36.697Z",
"dateUpdated": "2025-12-10T23:01:24.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9183 (GCVE-0-2024-9183)
Vulnerability from cvelistv5 – Published: 2025-12-05 16:34 – Updated: 2025-12-10 04:48
VLAI?
EPSS
Title
Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.
Severity ?
7.7 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Thanks [aphantom](https://hackerone.com/aphantom) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T04:55:53.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.4.5",
"status": "affected",
"version": "18.4",
"versionType": "semver"
},
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5",
"versionType": "semver"
},
{
"lessThan": "18.6.1",
"status": "affected",
"version": "18.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [aphantom](https://hackerone.com/aphantom) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T04:48:55.635Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Security Release Blog Post",
"tags": [
"vendor-advisory"
],
"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
},
{
"name": "GitLab Issue #494478",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/494478"
},
{
"name": "HackerOne Bug Bounty Report #2707421",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2707421"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.4.5, 18.5.3, 18.6.1 or above."
}
],
"title": "Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-9183",
"datePublished": "2025-12-05T16:34:00.971Z",
"dateReserved": "2024-09-25T19:02:02.688Z",
"dateUpdated": "2025-12-10T04:48:55.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13611 (GCVE-0-2025-13611)
Vulnerability from cvelistv5 – Published: 2025-11-26 19:45 – Updated: 2025-12-10 23:01
VLAI?
EPSS
Title
Insertion of Sensitive Information into Log File in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T14:39:50.968616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:35:15.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.4.5",
"status": "affected",
"version": "13.2",
"versionType": "semver"
},
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5",
"versionType": "semver"
},
{
"lessThan": "18.6.1",
"status": "affected",
"version": "18.6",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T23:01:24.368Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Security Release Blog Post",
"tags": [
"vendor-advisory"
],
"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
},
{
"name": "GitLab Issue #545947",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/545947"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.4.5, 18.5.3, 18.6.1 or above."
}
],
"title": "Insertion of Sensitive Information into Log File in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13611",
"datePublished": "2025-11-26T19:45:57.778Z",
"dateReserved": "2025-11-24T16:03:53.251Z",
"dateUpdated": "2025-12-10T23:01:24.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12571 (GCVE-0-2025-12571)
Vulnerability from cvelistv5 – Published: 2025-11-26 19:46 – Updated: 2025-12-10 23:01
VLAI?
EPSS
Title
Allocation of Resources Without Limits or Throttling in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T14:41:27.256515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:35:05.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.4.5",
"status": "affected",
"version": "17.10",
"versionType": "semver"
},
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5",
"versionType": "semver"
},
{
"lessThan": "18.6.1",
"status": "affected",
"version": "18.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T23:01:24.090Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Security Release Blog Post",
"tags": [
"vendor-advisory"
],
"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
},
{
"name": "GitLab Issue #579168",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579168"
},
{
"name": "HackerOne Bug Bounty Report #3362239",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3362239"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.4.5, 18.5.3, 18.6.1 or above."
}
],
"title": "Allocation of Resources Without Limits or Throttling in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-12571",
"datePublished": "2025-11-26T19:46:17.647Z",
"dateReserved": "2025-10-31T20:33:35.172Z",
"dateUpdated": "2025-12-10T23:01:24.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7449 (GCVE-0-2025-7449)
Vulnerability from cvelistv5 – Published: 2025-11-26 19:46 – Updated: 2025-12-10 23:01
VLAI?
EPSS
Title
Allocation of Resources Without Limits or Throttling in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T14:39:49.262333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:34:58.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.4.5",
"status": "affected",
"version": "8.3",
"versionType": "semver"
},
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5",
"versionType": "semver"
},
{
"lessThan": "18.6.1",
"status": "affected",
"version": "18.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T23:01:24.555Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Security Release Blog Post",
"tags": [
"vendor-advisory"
],
"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
},
{
"name": "GitLab Issue #554938",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/554938"
},
{
"name": "HackerOne Bug Bounty Report #3215054",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3215054"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.4.5, 18.5.3, 18.6.1 or above."
}
],
"title": "Allocation of Resources Without Limits or Throttling in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-7449",
"datePublished": "2025-11-26T19:46:32.641Z",
"dateReserved": "2025-07-11T06:30:55.443Z",
"dateUpdated": "2025-12-10T23:01:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6195 (GCVE-0-2025-6195)
Vulnerability from cvelistv5 – Published: 2025-11-26 19:46 – Updated: 2025-12-10 23:01
VLAI?
EPSS
Title
Direct Request ('Forced Browsing') in GitLab
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions.
Severity ?
4.3 (Medium)
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T14:39:47.777226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:34:53.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.4.5",
"status": "affected",
"version": "13.7",
"versionType": "semver"
},
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5",
"versionType": "semver"
},
{
"lessThan": "18.6.1",
"status": "affected",
"version": "18.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T23:01:24.471Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Security Release Blog Post",
"tags": [
"vendor-advisory"
],
"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
},
{
"name": "GitLab Issue #549937",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549937"
},
{
"name": "HackerOne Bug Bounty Report #3155693",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3155693"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.4.5, 18.5.3, 18.6.1 or above."
}
],
"title": "Direct Request (\u0027Forced Browsing\u0027) in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-6195",
"datePublished": "2025-11-26T19:46:42.649Z",
"dateReserved": "2025-06-17T06:30:37.944Z",
"dateUpdated": "2025-12-10T23:01:24.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…