Exposure of Sensitive Information Due to Incompatible Policies in GitLab

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.

Basic Information

ID CVE-2025-4976

Source GitLab

Published Jul 24, 2025 at 06:05

Modified Jul 24, 2025 at 13:36

Affected Product

Vendor GitLab

Product GitLab

Version 17.0

Affected Versions GitLab GitLab 17.0
GitLab GitLab 18.1
GitLab GitLab 18.2

CWE Classification

CWE-213

References

{
    "lastseen": "",
    "description": "An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.",
    "published": "2025-07-24T06:05:37.730Z",
    "modified": "2025-07-24T13:36:32.546Z",
    "type": "cve",
    "title": "Exposure of Sensitive Information Due to Incompatible Policies in GitLab",
    "source": "GitLab",
    "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/543905\nhttps://hackerone.com/reports/3149956",
    "id": "CVE-2025-4976",
    "bulletinFamily": "",
    "cwe": [
        "CWE-213"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 17.0\nGitLab GitLab 18.1\nGitLab GitLab 18.2",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "17.0",
    "vendor": "GitLab",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Exposure of Sensitive Information Due to Incompatible Policies in GitLab_CVE-2025-4976