CVE-2025-5121

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/545429
https://hackerone.com/reports/3153908

Configurations

No configuration.

History

23 Jun 2025, 20:16

Type	Values Removed	Values Added
Summary		(es) Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones, desde la 17.11 hasta la 17.11.4 y desde la 18.0 hasta la 18.0.2. La falta de una comprobación de autorización podría haber permitido la aplicación de frameworks de cumplimiento a proyectos fuera del grupo del framework de cumplimiento.

20 Jun 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-20 18:15

Updated : 2025-06-23 20:16

NVD link : CVE-2025-5121

Mitre link : CVE-2025-5121

CVE.ORG link : CVE-2025-5121

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

8.5 /10