CVE-2025-1299
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-24
Last updated on: 2025-07-28
Assigner: GitLab Inc.
Description
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 15.4 (inc) to 18.0.5 (exc) |
| gitlab | gitlab | From 15.4 (inc) to 18.0.5 (exc) |
| gitlab | gitlab | From 18.1.0 (inc) to 18.1.3 (exc) |
| gitlab | gitlab | From 18.1.0 (inc) to 18.1.3 (exc) |
| gitlab | gitlab | 18.2 |
| gitlab | gitlab | 18.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The impact of this vulnerability is that an unauthorized user could gain access to deployment job logs, which may contain sensitive information. This could lead to information disclosure and potentially aid further attacks or unauthorized access.
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE allows an unauthorized user to read deployment job logs by sending a specially crafted request. It affects multiple versions starting from 15.4 up to certain patched versions, potentially exposing sensitive information contained in deployment logs.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70