← volver
CVE-2025-5195

Authorization Bypass Through User-Controlled Key in GitLab

CVSS 4.3 MEDIUMEPSS 0.2%CWE-639
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gitlab.com/gitlab-org/gitlab/-/issues/534960