VYPR
Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 25, 2026

Missing Authorization in GitLab

CVE-2025-14103

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 17.7
    • (no CPE)range: >=17.7 <18.7.5; >=18.8 <18.8.5; >=18.9 <18.9.1
  • osv-coords
    Range: >= 17.7.0, < 18.7.5

Patches

Vulnerability mechanics

References

3

News mentions

1