VYPR
Unrated severity · NVD Advisory · Published Mar 6, 2025 · Updated Mar 6, 2025

Incorrect Authorization in GitLab

CVE-2025-1540

Description

An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances.

Affected products

  • GitLab Inc./GitLab v5 (2 versions)
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 17.5)
    • (no CPE) range: >=17.5 <17.6.5, >=17.7 <17.7.4, >=17.8 <17.8.2
  • osv-coords
    Range: >= 17.5.0, < 17.8.2
