Missing Authorization in GitLab_CVE-2025-11702

8.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.

AI Analysis

Missing Authorization vulnerability allowing hijacking of project runners

Basic Information

ID CVE-2025-11702

Source GitLab

Published Oct 29, 2025 at 07:04

Affected Product

Vendor GitLab

Product GitLab

Version 17.1

Affected Versions GitLab GitLab 17.1
GitLab GitLab 18.4
GitLab GitLab 18.5

CWE Classification

CWE-862

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor GitLab

Product GitLab EE

Version 17.1, 18.3, 18.4, 18.5

References

{
    "lastseen": "",
    "description": "GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.",
    "published": "2025-10-29T07:04:52.286Z",
    "modified": "2025-10-29T07:04:52.286Z",
    "type": "cve",
    "title": "Missing Authorization in GitLab",
    "source": "GitLab",
    "references": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/576900\nhttps://hackerone.com/reports/3356284",
    "id": "CVE-2025-11702",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 17.1\nGitLab GitLab 18.4\nGitLab GitLab 18.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "17.1",
    "vendor": "GitLab",
    "ai_description": "Missing Authorization vulnerability allowing hijacking of project runners",
    "ai_severity": "High",
    "ai_vendor": "GitLab",
    "ai_product": "GitLab EE",
    "ai_version": "17.1, 18.3, 18.4, 18.5",
    "ai_score": 8.5
}