CVE-2025-5819

Published: Aug 13, 2025Modified: Aug 29, 2025

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Exploitability: 3.1 / Impact: 1.4

Source: cve@gitlab.com (Secondary)

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 15.7.0 to 17.11.6
Gitlab Gitlab	From 18.0.0 to 18.0.4
Gitlab Gitlab	From 18.1.0 to 18.1.2
Gitlab Gitlab	From 15.7.0 to 17.11.6
Gitlab Gitlab	From 18.0.0 to 18.0.4
Gitlab Gitlab	From 18.1.0 to 18.1.2

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/548165

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/3137660

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.