CVE Details
Basic Information
| Title | Insufficient Granularity of Access Control in GitLab |
|---|---|
| Type | cve |
| Published | 2025-06-12T16:27:56.700Z |
| Last Seen | |
Product Information
| Vendor | GitLab |
|---|---|
| Product | GitLab |
| Version | 12.0 |
CVSS Information
| Base Score | 3.7 (LOW) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A vulnerability in GitLab allows users to bypass IP access restrictions, potentially exposing sensitive information. The issue affects multiple versions of GitLab EE, and under certain conditions, unauthorized access can occur. |
|---|---|
| AI Severity | Medium |
| Vendor | GitLab Inc. |
| Product | GitLab EE |
| Affected Version | 12.0, 17.11, 18.0 |
Affected Products
- GitLab GitLab 12.0
- GitLab GitLab 17.11
- GitLab GitLab 18.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-1220 |
| Bulletin Family | |
Description
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.