Missing Authorization in GitLab

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title Missing Authorization in GitLab
Type cve
Published 2025-07-24T06:33:28.184Z
Modified 2025-07-24T06:33:28.184Z

Product Information

Vendor GitLab
Product GitLab
Version 15.4

CVSS Information

Base Score 4.3 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Analysis

AI Description A vulnerability in GitLab CE/EE allows unauthorized users to read deployment job logs by sending a crafted request, affecting versions 15.4, 18.1, and 18.2.
AI Severity Medium
AI Vendor GitLab
AI Product GitLab CE/EE
AI Version 15.4, 18.1, 18.2

Affected Products

  • GitLab GitLab 15.4
  • GitLab GitLab 18.1
  • GitLab GitLab 18.2

Additional Information

CWE List CWE-862
Source GitLab

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.