CVE-2025-1110: Insufficient Granularity of Access Control in GitLab

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.0% (top 91.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 22
Latest update: Oct 15

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (6 packages)

CVEListV5 gitlab/gitlab 18.0 18.0.1
NVD gitlab/gitlab 18.0.0
debian debian/gitlab
gitlab gitlab/gitlab

Vulnerability Details (3)

OSV
wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (2025-10-15)
GHSA
GHSA-jqqw-x8w5-v4hh: An issue has been discovered in GitLab CE/EE affecting all versions from 18 (2025-05-22)
OSV
CVE-2025-1110: An issue has been discovered in GitLab CE/EE affecting all versions from 18 (2025-05-22)

Vendor Advisories (3)

Red Hat
kernel: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (2025-10-15)
GitLab
CVE-2025-1110: An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions (2025-05-22)
Debian
CVE-2025-1110: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 be... (2025)