CVE-2025-1299Missing Authorization in Gitlab

CWE-862Missing Authorization7 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 93.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GitlabLinux KernelDebian Gitlab+1 more
Timeline
PublishedJul 24
Latest updateDec 24

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

CVEListV5gitlab/gitlab18.118.1.3+1
NVDgitlab/gitlab15.418.0.5+2
debiandebian/gitlab
gitlabgitlab/gitlab

🔴Vulnerability Details

3
OSV
ntfs3: init run lock for extend inode2025-12-24
GHSA
GHSA-54gr-cf5g-5pjm: An issue has been discovered in GitLab CE/EE affecting all versions starting from 152025-07-25
OSV
CVE-2025-1299: An issue has been discovered in GitLab CE/EE affecting all versions starting from 152025-07-24

📋Vendor Advisories

3
Red Hat
kernel: ntfs3: init run lock for extend inode2025-12-24
GitLab
CVE-2025-1299: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, a2025-07-24
Debian
CVE-2025-1299: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...2025