CVE-2025-6769

Published: Sep 12, 2025Modified: Sep 20, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: cve@gitlab.com (Secondary)

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 15.1.0 to 18.1.6
Gitlab Gitlab	From 18.2.0 to 18.2.6
Gitlab Gitlab	From 18.3.0 to 18.3.2
Gitlab Gitlab	From 15.1.0 to 18.1.6
Gitlab Gitlab	From 18.2.0 to 18.2.6
Gitlab Gitlab	From 18.3.0 to 18.3.2

Related CWEs

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (3)

https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/

Source: cve@gitlab.com

Release NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/551957

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/3173328

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.