4.3

CVE-2025-0679

Exposure of Private Personal Information to an Unauthorized Actor in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version >= 17.1.0 < 17.10.7
GitlabGitLab SwEditionenterprise Version >= 17.1.0 < 17.10.7
GitlabGitLab SwEditioncommunity Version >= 17.11.0 < 17.11.3
GitlabGitLab SwEditionenterprise Version >= 17.11.0 < 17.11.3
GitlabGitLab Version18.0.0 SwEditioncommunity
GitlabGitLab Version18.0.0 SwEditionenterprise
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.23
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.