CVE-2024-10925

Published: Mar 3, 2025Modified: Aug 26, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML

Affected (3)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 16.2 to 17.7.6
Gitlab Gitlab	From 17.8.0 to 17.8.4
Gitlab Gitlab	Version 17.9.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/502857

Source: cve@gitlab.com

ExploitIssue Tracking

https://hackerone.com/reports/2818270

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.