CVE-2025-1042 — Files or Directories Accessible to External Parties in Gitlab

CWE-552 — Files or Directories Accessible to External Parties5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 92.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedFeb 12

Description

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5gitlab/gitlab15.7 — 17.6.5+2

▶NVDgitlab/gitlab15.7.0 — 17.6.5+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-f73r-7g7h-494m: An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15↗2025-02-12

▶

OSV

CVE-2025-1042: An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15↗2025-02-12

▶

📋Vendor Advisories

GitLab

CVE-2025-1042: An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior↗2025-02-12

▶

Debian

CVE-2025-1042: gitlab - An insecure direct object reference vulnerability in GitLab EE affecting all ver...↗2025

▶