CVE-2025-1278

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/519580	Broken Link
https://hackerone.com/reports/2977149	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

08 Aug 2025, 18:32

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/519580 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/519580 - Broken Link
References	~~() https://hackerone.com/reports/2977149 -~~	() https://hackerone.com/reports/2977149 - Permissions Required
CWE		NVD-CWE-noinfo
First Time		Gitlab gitlab Gitlab

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones (desde la 12.0 hasta la 17.9.8), la 17.10 hasta la 17.10.6 y la 17.11 hasta la 17.11.2. En determinadas circunstancias, los usuarios podían eludir las restricciones de acceso IP y acceder a información confidencial.

09 May 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-09 17:15

Updated : 2025-08-08 18:32

NVD link : CVE-2025-1278

Mitre link : CVE-2025-1278

CVE.ORG link : CVE-2025-1278

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-1220

Insufficient Granularity of Access Control

NVD-CWE-noinfo

{"id": "CVE-2025-1278", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-09T17:15:50.790", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/519580", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2977149", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-1220"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information."}, {"lang": "es", "value": "Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones (desde la 12.0 hasta la 17.9.8), la 17.10 hasta la 17.10.6 y la 17.11 hasta la 17.11.2. En determinadas circunstancias, los usuarios pod\u00edan eludir las restricciones de acceso IP y acceder a informaci\u00f3n confidencial."}], "lastModified": "2025-08-08T18:32:48.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "805A7E82-754C-4622-8BC2-A2ED9570F003", "versionEndExcluding": "17.9.8", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "7AE283A8-B304-4CEE-B03E-6BFC9224110F", "versionEndExcluding": "17.9.8", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "EB9C790F-E33F-41DB-A218-BB5DC6C0AC34", "versionEndExcluding": "17.10.6", "versionStartIncluding": "17.10.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F8A5F80D-BB57-439E-B66D-2B0675FB1156", "versionEndExcluding": "17.10.6", "versionStartIncluding": "17.10.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "F0485096-6827-447F-8D93-EFB058AA31DC", "versionEndExcluding": "17.11.2", "versionStartIncluding": "17.11.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "9DBAC61C-C127-4833-979B-CFFE433204DD", "versionEndExcluding": "17.11.2", "versionStartIncluding": "17.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}