CVE-2025-1110

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/517693
https://hackerone.com/reports/2972576

Configurations

No configuration.

History

23 May 2025, 15:55

Type	Values Removed	Values Added
Summary		(es) Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones, desde la 18.0 hasta la 18.0.1. En determinadas circunstancias, un usuario con permisos limitados podría acceder a los datos del trabajo mediante una consulta GraphQL manipulada.

22 May 2025, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-22 14:16

Updated : 2025-05-23 15:55

NVD link : CVE-2025-1110

Mitre link : CVE-2025-1110

CVE.ORG link : CVE-2025-1110

JSON object : View

Products Affected

No product.

CWE

CWE-1220

Insufficient Granularity of Access Control

2.7 /10