CVE-2025-4979

CVSS v3 Score
4.9 (Medium)

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI by simply creating their own variable and observing the HTTP response.

CVSS:4.9(Medium)

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, impl...

CVSS:5.0(Medium)

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an appli...

CVSS:5.2(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to intern...

CVSS:5.3(Medium)

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registratio...

CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restr...

CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restri...