Insufficient Granularity of Access Control in GitLab_CVE-2025-2498

3.1 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

Basic Information

ID CVE-2025-2498

Source GitLab

Published Aug 13, 2025 at 17:27

Modified Aug 13, 2025 at 20:02

Affected Product

Vendor GitLab

Product GitLab

Version 12.0

Affected Versions GitLab GitLab 12.0
GitLab GitLab 18.1
GitLab GitLab 18.2

CWE Classification

CWE-1220

References

{
    "lastseen": "",
    "description": "An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.",
    "published": "2025-08-13T17:27:10.511Z",
    "modified": "2025-08-13T20:02:26.796Z",
    "type": "cve",
    "title": "Insufficient Granularity of Access Control in GitLab",
    "source": "GitLab",
    "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/525515\nhttps://hackerone.com/reports/3037722",
    "id": "CVE-2025-2498",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1220"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 12.0\nGitLab GitLab 18.1\nGitLab GitLab 18.2",
    "sourceHref": "",
    "cvss": {
        "score": 3.1,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "12.0",
    "vendor": "GitLab",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}