CVE-2025-0765

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/515381	Broken Link
https://hackerone.com/reports/2956315	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:18.2::::community:::
	cpe:2.3:a:gitlab:gitlab:18.2::::enterprise:::

History

08 Aug 2025, 18:26

Type	Values Removed	Values Added
First Time		Gitlab gitlab Gitlab
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/515381 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/515381 - Broken Link
References	~~() https://hackerone.com/reports/2956315 -~~	() https://hackerone.com/reports/2956315 - Permissions Required
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:18.2::::community::: cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:18.2::::enterprise:::
Summary		(es) Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 17.9 hasta la 18.0.5, la 18.1 hasta la 18.1.3 y la 18.2 hasta la 18.2.1, que podría haber permitido que un usuario no autorizado accediera a direcciones de correo electrónico de la mesa de ayuda personalizadas.

24 Jul 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-24 07:15

Updated : 2025-08-08 18:26

NVD link : CVE-2025-0765

Mitre link : CVE-2025-0765

CVE.ORG link : CVE-2025-0765

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2025-0765", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-24T07:15:52.397", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/515381", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2956315", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 17.9 hasta la 18.0.5, la 18.1 hasta la 18.1.3 y la 18.2 hasta la 18.2.1, que podr\u00eda haber permitido que un usuario no autorizado accediera a direcciones de correo electr\u00f3nico de la mesa de ayuda personalizadas."}], "lastModified": "2025-08-08T18:26:52.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "E9AD35A3-1BAC-4E3D-A918-02F46842F014", "versionEndExcluding": "18.0.5", "versionStartIncluding": "17.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "70A3CB4F-B7F5-4EB1-80D7-08F06FCA777E", "versionEndExcluding": "18.0.5", "versionStartIncluding": "17.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "F6FBDC48-B16F-4DE3-8A25-650EA1B3A7E6", "versionEndExcluding": "18.1.3", "versionStartIncluding": "18.1.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "1BD9DE80-2A4C-421F-98AC-25F160771956", "versionEndExcluding": "18.1.3", "versionStartIncluding": "18.1.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.2:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C56C6B73-A79C-4B34-82FA-6451CCA9C093"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.2:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8931BAA0-5961-46EC-BF0C-62EE4E8A7BE1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}