An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances.

Fixes

Solution

Upgrade to version 17.8.2, 17.7.4 or 17.6.5.

Workaround

No workaround given by the vendor.

History

Wed, 06 Aug 2025 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Thu, 06 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 06 Mar 2025 08:45:00 +0000

Type Values Removed Values Added
Description An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances.
Title Incorrect Authorization in GitLab
First Time appeared Gitlab; Gitlab gitlab
Weaknesses CWE-863
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab; Gitlab gitlab
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2025-03-06T16:29:08.261Z

Reserved: 2025-02-21T09:02:14.816Z

Link: CVE-2025-1540

Vulnrichment

Updated: 2025-03-06T16:28:55.700Z

NVD

Status: Analyzed

Published: 2025-03-06T09:15:26.317

Modified: 2025-08-06T18:33:28.797

Link: CVE-2025-1540

Redhat

No data.

OpenCVE Enrichment

No data.