CVE-2025-7000
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-15
Last updated on: 2025-11-20
Assigner: GitLab Inc.
Description
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 17.6.0 (inc) to 18.3.6 (exc) |
| gitlab | gitlab | From 17.6.0 (inc) to 18.3.6 (exc) |
| gitlab | gitlab | From 18.4.0 (inc) to 18.4.4 (exc) |
| gitlab | gitlab | From 18.4.0 (inc) to 18.4.4 (exc) |
| gitlab | gitlab | From 18.5.0 (inc) to 18.5.2 (exc) |
| gitlab | gitlab | From 18.5.0 (inc) to 18.5.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 allows unauthorized users, under specific conditions, to view confidential branch names by accessing project issues that have related merge requests.
How can this vulnerability impact me? :
The vulnerability could lead to unauthorized disclosure of confidential branch names, potentially exposing sensitive development information to unauthorized users. This could aid attackers in understanding project structure or planning further attacks.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70