csaf_certbund - wid-sec-w-2025-2236

WID-SEC-W-2025-2236

Vulnerability from csaf_certbund - Published: 2025-10-08 22:00 - Updated: 2025-10-12 22:00

Summary

GitLab: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

GitLab ist eine Webanwendung zur Versionsverwaltung für Softwareprojekte auf Basis von git.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Denial of Service Angriff durchzuführen, Informationen einzusehen oder Daten zu verändern.

Betroffene Betriebssysteme

- Linux - MacOS X - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GitLab ist eine Webanwendung zur Versionsverwaltung f\u00fcr Softwareprojekte auf Basis von git.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Informationen einzusehen oder Daten zu ver\u00e4ndern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2236 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2236.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2236 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2236"
      },
      {
        "category": "external",
        "summary": "GitLab Patch Release: 18.4.2, 18.3.4, 18.2.8 vom 2025-10-08",
        "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/"
      }
    ],
    "source_lang": "en-US",
    "title": "GitLab: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-10T14:49:51.033+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2236",
      "initial_release_date": "2025-10-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-33330, EUVD-2025-33334, EUVD-2025-33333"
        },
        {
          "date": "2025-10-12T22:00:00.000+00:00",
          "number": "3",
          "summary": "Korrektur Produkt-Versionsangaben"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c18.4.2",
                "product": {
                  "name": "Open Source GitLab \u003c18.4.2",
                  "product_id": "T047486"
                }
              },
              {
                "category": "product_version",
                "name": "18.4.2",
                "product": {
                  "name": "Open Source GitLab 18.4.2",
                  "product_id": "T047486-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:18.4.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.3.4",
                "product": {
                  "name": "Open Source GitLab \u003c18.3.4",
                  "product_id": "T047487"
                }
              },
              {
                "category": "product_version",
                "name": "18.3.4",
                "product": {
                  "name": "Open Source GitLab 18.3.4",
                  "product_id": "T047487-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:18.3.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.2.8",
                "product": {
                  "name": "Open Source GitLab \u003c18.2.8",
                  "product_id": "T047488"
                }
              },
              {
                "category": "product_version",
                "name": "18.2.8",
                "product": {
                  "name": "Open Source GitLab 18.2.8",
                  "product_id": "T047488-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:18.2.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GitLab"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-10004",
      "product_status": {
        "known_affected": [
          "T047486",
          "T047487",
          "T047488"
        ]
      },
      "release_date": "2025-10-08T22:00:00.000+00:00",
      "title": "CVE-2025-10004"
    },
    {
      "cve": "CVE-2025-11340",
      "release_date": "2025-10-08T22:00:00.000+00:00",
      "title": "CVE-2025-11340"
    },
    {
      "cve": "CVE-2025-2934",
      "product_status": {
        "known_affected": [
          "T047486",
          "T047487",
          "T047488"
        ]
      },
      "release_date": "2025-10-08T22:00:00.000+00:00",
      "title": "CVE-2025-2934"
    },
    {
      "cve": "CVE-2025-9825",
      "product_status": {
        "known_affected": [
          "T047486",
          "T047487",
          "T047488"
        ]
      },
      "release_date": "2025-10-08T22:00:00.000+00:00",
      "title": "CVE-2025-9825"
    }
  ]
}

CVE-2025-2934 (GCVE-0-2025-2934)

Vulnerability from cvelistv5 – Published: 2025-10-09 11:33 – Updated: 2025-10-09 13:48

Summary

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitLab

References

URL

Tags

	https://about.gitlab.com/releases/2025/10/08/patc…
	https://gitlab.com/gitlab-org/gitlab/-/issues/528979	issue-trackingpermissions-required
	https://hackerone.com/reports/3058791	technical-descriptionexploitpermissions-required

Impacted products

	Vendor	Product	Version
	GitLab	GitLab	Affected: 5.2 , < 18.2.8 (semver) Affected: 18.3 , < 18.3.4 (semver) Affected: 18.4 , < 18.4.2 (semver) cpe:2.3:a:gitlab:gitlab::::::::

Credits

Thanks [ppee](https://hackerone.com/ppee) for reporting this vulnerability through our HackerOne bug bounty program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T13:48:42.834321Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-09T13:48:56.561Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.2.8",
              "status": "affected",
              "version": "5.2",
              "versionType": "semver"
            },
            {
              "lessThan": "18.3.4",
              "status": "affected",
              "version": "18.3",
              "versionType": "semver"
            },
            {
              "lessThan": "18.4.2",
              "status": "affected",
              "version": "18.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [ppee](https://hackerone.com/ppee) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T11:33:43.956Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/"
        },
        {
          "name": "GitLab Issue #528979",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/528979"
        },
        {
          "name": "HackerOne Bug Bounty Report #3058791",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3058791"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.2.8, 18.3.4, 18.4.2 or above."
        }
      ],
      "title": "Allocation of Resources Without Limits or Throttling in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-2934",
    "datePublished": "2025-10-09T11:33:43.956Z",
    "dateReserved": "2025-03-28T17:02:01.256Z",
    "dateUpdated": "2025-10-09T13:48:56.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9825 (GCVE-0-2025-9825)

Vulnerability from cvelistv5 – Published: 2025-11-21 05:33 – Updated: 2025-11-24 18:09

Summary

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.

Severity ?

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-862 - Missing Authorization

Assigner

GitLab

References

URL

Tags

	https://about.gitlab.com/releases/2025/10/08/patc…
	https://gitlab.com/gitlab-org/gitlab/-/issues/567301	issue-trackingpermissions-required
	https://hackerone.com/reports/3319800	technical-descriptionexploitpermissions-required

Impacted products

	Vendor	Product	Version
	GitLab	GitLab	Affected: 13.7 , < 18.2.8 (semver) Affected: 18.3 , < 18.3.4 (semver) Affected: 18.4 , < 18.4.2 (semver) cpe:2.3:a:gitlab:gitlab::::::::

Credits

Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9825",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T17:00:45.624444Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T18:09:10.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.2.8",
              "status": "affected",
              "version": "13.7",
              "versionType": "semver"
            },
            {
              "lessThan": "18.3.4",
              "status": "affected",
              "version": "18.3",
              "versionType": "semver"
            },
            {
              "lessThan": "18.4.2",
              "status": "affected",
              "version": "18.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T05:33:31.558Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/"
        },
        {
          "name": "GitLab Issue #567301",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/567301"
        },
        {
          "name": "HackerOne Bug Bounty Report #3319800",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3319800"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.3.4, 18.4.2 or above."
        }
      ],
      "title": "Missing Authorization in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-9825",
    "datePublished": "2025-11-21T05:33:31.558Z",
    "dateReserved": "2025-09-02T09:33:37.024Z",
    "dateUpdated": "2025-11-24T18:09:10.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10004 (GCVE-0-2025-10004)

Vulnerability from cvelistv5 – Published: 2025-10-09 12:04 – Updated: 2025-10-09 13:16

Summary

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitLab

References

URL

Tags

	https://about.gitlab.com/releases/2025/10/08/patc…
	https://gitlab.com/gitlab-org/gitlab/-/issues/568121	issue-trackingpermissions-required
	https://hackerone.com/reports/3026555	technical-descriptionexploitpermissions-required

Impacted products

	Vendor	Product	Version
	GitLab	GitLab	Affected: 13.12 , < 18.2.8 (semver) Affected: 18.3 , < 18.3.4 (semver) Affected: 18.4 , < 18.4.2 (semver) cpe:2.3:a:gitlab:gitlab::::::::

Credits

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T13:15:06.752510Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-09T13:16:38.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.2.8",
              "status": "affected",
              "version": "13.12",
              "versionType": "semver"
            },
            {
              "lessThan": "18.3.4",
              "status": "affected",
              "version": "18.3",
              "versionType": "semver"
            },
            {
              "lessThan": "18.4.2",
              "status": "affected",
              "version": "18.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T12:04:30.109Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/"
        },
        {
          "name": "GitLab Issue #568121",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/568121"
        },
        {
          "name": "HackerOne Bug Bounty Report #3026555",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3026555"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 18.2.8, 18.3.4 or 18.4.2"
        }
      ],
      "title": "Allocation of Resources Without Limits or Throttling in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-10004",
    "datePublished": "2025-10-09T12:04:30.109Z",
    "dateReserved": "2025-09-04T18:33:25.673Z",
    "dateUpdated": "2025-10-09T13:16:38.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11340 (GCVE-0-2025-11340)

Vulnerability from cvelistv5 – Published: 2025-10-09 12:04 – Updated: 2025-10-09 13:43

Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-863 - Incorrect Authorization

Assigner

GitLab

References

URL

Tags

	https://about.gitlab.com/releases/2025/10/08/patc…
	https://gitlab.com/gitlab-org/gitlab/-/issues/567847	issue-trackingpermissions-required

Impacted products

	Vendor	Product	Version
	GitLab	GitLab	Affected: 18.3 , < 18.3.4 (semver) Affected: 18.4 , < 18.4.2 (semver) cpe:2.3:a:gitlab:gitlab::::::::

Credits

This vulnerability has been discovered internally by GitLab team member Brian Williams.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11340",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T13:42:36.367153Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-09T13:43:00.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.3.4",
              "status": "affected",
              "version": "18.3",
              "versionType": "semver"
            },
            {
              "lessThan": "18.4.2",
              "status": "affected",
              "version": "18.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability has been discovered internally by GitLab team member Brian Williams."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T12:04:20.127Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/"
        },
        {
          "name": "GitLab Issue #567847",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/567847"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.3.4, 18.4.2 or above."
        }
      ],
      "title": "Incorrect Authorization in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-11340",
    "datePublished": "2025-10-09T12:04:20.127Z",
    "dateReserved": "2025-10-06T00:07:35.705Z",
    "dateUpdated": "2025-10-09T13:43:00.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2236

CVE-2025-2934 (GCVE-0-2025-2934)

CVE-2025-9825 (GCVE-0-2025-9825)

CVE-2025-10004 (GCVE-0-2025-10004)

CVE-2025-11340 (GCVE-0-2025-11340)

Tags

Sightings

Nomenclature