4.3

CVE-2025-6769

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version >= 15.1.0 < 18.1.6
GitlabGitlab SwEditionenterprise Version >= 15.1.0 < 18.1.6
GitlabGitlab SwEditioncommunity Version >= 18.2.0 < 18.2.6
GitlabGitlab SwEditionenterprise Version >= 18.2.0 < 18.2.6
GitlabGitlab SwEditioncommunity Version >= 18.3.0 < 18.3.2
GitlabGitlab SwEditionenterprise Version >= 18.3.0 < 18.3.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.016
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@gitlab.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.