CVE-2025-0679

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:enterprise:*:*:*

History

29 May 2025, 15:57

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://gitlab.com/gitlab-org/gitlab/-/issues/514751 - () https://gitlab.com/gitlab-org/gitlab/-/issues/514751 - Broken Link
References () https://hackerone.com/reports/2952536 - () https://hackerone.com/reports/2952536 - Permissions Required
First Time Gitlab
Gitlab gitlab
CPE cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

23 May 2025, 15:55

Type Values Removed Values Added
Summary
  • (es) Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones (desde la 17.1 hasta la 17.10.7), la 17.11 hasta la 17.11.3 y la 18.0 hasta la 18.0.1. En determinadas circunstancias, usuarios no autorizados pueden ver direcciones de correo electrónico completas que deberían estar parcialmente ocultas.

22 May 2025, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-22 15:16

Updated : 2025-05-29 15:57


NVD link : CVE-2025-0679

Mitre link : CVE-2025-0679

CVE.ORG link : CVE-2025-0679


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

NVD-CWE-noinfo