CVE-2025-2246
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-09-02
Assigner: GitLab Inc.
Description
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | Before 18.1.5 (exc) |
| gitlab | gitlab | From 18.2.0 (inc) to 18.2.5 (exc) |
| gitlab | gitlab | 18.3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE allows unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. It affects all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive manual CI/CD variables, which may include secrets or credentials, potentially compromising the security of your CI/CD pipelines and related systems.