Incorrect Authorization in GitLab

CVE Details

Basic Information

Title Incorrect Authorization in GitLab
Type cve
Published 2025-07-24T06:33:38.009Z
Modified 2025-07-24T06:33:38.009Z

Product Information

Vendor GitLab
Product GitLab
Version 17.9

CVSS Information

Base Score 4.3 (MEDIUM)
Vector String CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Analysis

AI Description A vulnerability in GitLab CE/EE could have allowed an unauthorized user to access custom service desk email addresses. It affects all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1. The CVSS base score of 4.3 corresponds to medium severity.
AI Severity Medium
AI Vendor GitLab
AI Product GitLab CE/EE
AI Version 17.9, 18.1, 18.2

Affected Products

  • GitLab GitLab 17.9
  • GitLab GitLab 18.1
  • GitLab GitLab 18.2

Additional Information

CWE List CWE-863
Source GitLab

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.
