Vulnerability-Lookup

CVE-2025-13772 (GCVE-0-2025-13772)

Vulnerability from cvelistv5 – Published: 2026-01-09 10:04 – Updated: 2026-01-09 19:13

Title

Missing Authorization in GitLab

Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-862 - Missing Authorization

Assigner

GitLab

References

URL

Tags

	https://gitlab.com/gitlab-org/gitlab/-/issues/581268	issue-trackingpermissions-required
	https://about.gitlab.com/releases/2026/01/07/patc…

Impacted products

	Vendor	Product	Version
	GitLab	GitLab	Affected: 18.4 , < 18.5.5 (semver) Affected: 18.6 , < 18.6.3 (semver) Affected: 18.7 , < 18.7.1 (semver) cpe:2.3:a:gitlab:gitlab::::::::

Credits

This vulnerability has been discovered internally by GitLab team member [Jessie Young] (https://gitlab.com/jessieay)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-09T19:13:05.972319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-09T19:13:28.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.5.5",
              "status": "affected",
              "version": "18.4",
              "versionType": "semver"
            },
            {
              "lessThan": "18.6.3",
              "status": "affected",
              "version": "18.6",
              "versionType": "semver"
            },
            {
              "lessThan": "18.7.1",
              "status": "affected",
              "version": "18.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability has been discovered internally by GitLab team member [Jessie Young] (https://gitlab.com/jessieay)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-09T10:04:06.293Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #581268",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/581268"
        },
        {
          "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.5.5, 18.6.3, 18.7.1 or above."
        }
      ],
      "title": "Missing Authorization in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-13772",
    "datePublished": "2026-01-09T10:04:06.293Z",
    "dateReserved": "2025-11-28T04:33:18.560Z",
    "dateUpdated": "2026-01-09T19:13:28.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13772\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2026-01-09T10:15:45.450\",\"lastModified\":\"2026-01-09T10:15:45.450\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/\",\"source\":\"cve@gitlab.com\"},{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/581268\",\"source\":\"cve@gitlab.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13772\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-09T19:13:05.972319Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-09T19:13:25.525Z\"}}], \"cna\": {\"title\": \"Missing Authorization in GitLab\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"This vulnerability has been discovered internally by GitLab team member [Jessie Young] (https://gitlab.com/jessieay)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\"], \"repo\": \"git://git@gitlab.com:gitlab-org/gitlab.git\", \"vendor\": \"GitLab\", \"product\": \"GitLab\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.4\", \"lessThan\": \"18.5.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.6\", \"lessThan\": \"18.6.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.7\", \"lessThan\": \"18.7.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to versions 18.5.5, 18.6.3, 18.7.1 or above.\"}], \"references\": [{\"url\": \"https://gitlab.com/gitlab-org/gitlab/-/issues/581268\", \"name\": \"GitLab Issue #581268\", \"tags\": [\"issue-tracking\", \"permissions-required\"]}, {\"url\": \"https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"shortName\": \"GitLab\", \"dateUpdated\": \"2026-01-09T10:04:06.293Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13772\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-09T19:13:28.846Z\", \"dateReserved\": \"2025-11-28T04:33:18.560Z\", \"assignerOrgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"datePublished\": \"2026-01-09T10:04:06.293Z\", \"assignerShortName\": \"GitLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-JXX7-C7V6-WH2P

Vulnerability from github – Published: 2026-01-09 12:32 – Updated: 2026-01-09 12:32

Details

Severity ?

7.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-13772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-09T10:15:45Z",
    "severity": "HIGH"
  },
  "details": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.",
  "id": "GHSA-jxx7-c7v6-wh2p",
  "modified": "2026-01-09T12:32:24Z",
  "published": "2026-01-09T12:32:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13772"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/581268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2026-AVI-0014

Vulnerability from certfr_avis - Published: 2026-01-08 - Updated: 2026-01-08

De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions antérieures à 18.5.5
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.6.x antérieures à 18.6.3
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.7.x antérieures à 18.7.1

References

Title

Publication Time

NCSC-2026-0003

Vulnerability from csaf_ncscnl - Published: 2026-01-09 11:11 - Updated: 2026-01-09 11:11

Summary

Kwetsbaarheden verholpen in GitLab

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

GitLab heeft kwetsbaarheden verholpen in GitLab CE/EE.

Interpretaties

De kwetsbaarheden omvatten verschillende problemen, waaronder de mogelijkheid voor geauthenticeerde gebruikers om externe API-aanroepen te misbruiken, wat kan leiden tot een Denial-of-Service. Daarnaast konden geauthenticeerde gebruikers via GraphQL ongeautoriseerde wijzigingen aanbrengen in projectconfiguraties en AI-instellingen van ongeautoriseerde namespaces. Een andere kwetsbaarheid stelde ongeauthenticeerde gebruikers in staat om willekeurige code uit te voeren in de browser van een geauthenticeerde gebruiker via een kwaadaardige webpagina. Bovendien konden geauthenticeerde gebruikers gevoelige informatie lekken door speciaal vervaardigde afbeeldingen te gebruiken die de bescherming van de asset proxy omzeilden. Ten slotte was er een kwetsbaarheid die het mogelijk maakte om opgeslagen cross-site scripting (XSS) uit te voeren via GitLab Flavored Markdown, wat de beveiliging van de applicatie in gevaar kon brengen.

Oplossingen

GitLab heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-862

Missing Authorization

CWE-1220

Insufficient Granularity of Access Control

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "GitLab heeft kwetsbaarheden verholpen in GitLab CE/EE.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten verschillende problemen, waaronder de mogelijkheid voor geauthenticeerde gebruikers om externe API-aanroepen te misbruiken, wat kan leiden tot een Denial-of-Service. Daarnaast konden geauthenticeerde gebruikers via GraphQL ongeautoriseerde wijzigingen aanbrengen in projectconfiguraties en AI-instellingen van ongeautoriseerde namespaces. Een andere kwetsbaarheid stelde ongeauthenticeerde gebruikers in staat om willekeurige code uit te voeren in de browser van een geauthenticeerde gebruiker via een kwaadaardige webpagina. Bovendien konden geauthenticeerde gebruikers gevoelige informatie lekken door speciaal vervaardigde afbeeldingen te gebruiken die de bescherming van de asset proxy omzeilden. Ten slotte was er een kwetsbaarheid die het mogelijk maakte om opgeslagen cross-site scripting (XSS) uit te voeren via GitLab Flavored Markdown, wat de beveiliging van de applicatie in gevaar kon brengen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "GitLab heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Exposure of Private Personal Information to an Unauthorized Actor",
        "title": "CWE-359"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      },
      {
        "category": "general",
        "text": "Insufficient Granularity of Access Control",
        "title": "CWE-1220"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
      }
    ],
    "title": "Kwetsbaarheden verholpen in GitLab",
    "tracking": {
      "current_release_date": "2026-01-09T11:11:48.308357Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0003",
      "initial_release_date": "2026-01-09T11:11:48.308357Z",
      "revision_history": [
        {
          "date": "2026-01-09T11:11:48.308357Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "GitLab"
          }
        ],
        "category": "vendor",
        "name": "GitLab"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-10569",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "GitLab has addressed a vulnerability in GitLab CE/EE versions prior to specific updates that allowed authenticated users to induce a denial of service through manipulation of external API responses.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-10569 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-10569.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-10569"
    },
    {
      "cve": "CVE-2025-11246",
      "cwe": {
        "id": "CWE-1220",
        "name": "Insufficient Granularity of Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Granularity of Access Control",
          "title": "CWE-1220"
        },
        {
          "category": "description",
          "text": "GitLab has addressed a vulnerability in versions prior to 18.5.5, 18.6.3, and 18.7.1 that allowed authenticated users to manipulate GraphQL and remove project runners from unrelated projects.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-11246 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-11246.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-11246"
    },
    {
      "cve": "CVE-2025-13761",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "GitLab has addressed a vulnerability in versions 18.6 (prior to 18.6.3) and 18.7 (prior to 18.7.1) that could enable an unauthenticated user to execute arbitrary code in an authenticated user\u0027s browser via a malicious webpage.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-13761 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-13761.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-13761"
    },
    {
      "cve": "CVE-2025-13772",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "GitLab has addressed a vulnerability in versions prior to 18.5.5, 18.6.3, and 18.7.1 that permitted authenticated users to manipulate API requests to access AI model settings from unauthorized namespaces.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-13772 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-13772.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-13772"
    },
    {
      "cve": "CVE-2025-13781",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "GitLab has addressed a vulnerability in versions prior to 18.5.5, 18.6.3, and 18.7.1 that allowed authenticated users to modify instance-wide AI feature provider settings due to inadequate authorization checks in GraphQL mutations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-13781 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-13781.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-13781"
    },
    {
      "cve": "CVE-2025-3950",
      "cwe": {
        "id": "CWE-359",
        "name": "Exposure of Private Personal Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Private Personal Information to an Unauthorized Actor",
          "title": "CWE-359"
        },
        {
          "category": "description",
          "text": "GitLab has addressed a vulnerability in versions 10.3 to 18.5.5, 18.6 to 18.6.3, and 18.7 to 18.7.1 that could enable sensitive information leakage via specially crafted images bypassing asset proxy protection.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-3950 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3950.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-3950"
    },
    {
      "cve": "CVE-2025-9222",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "GitLab has addressed a vulnerability in GitLab CE/EE versions that permitted authenticated users to execute stored cross-site scripting via GitLab Flavored Markdown.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9222 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9222.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-9222"
    }
  ]
}

WID-SEC-W-2026-0037

Vulnerability from csaf_certbund - Published: 2026-01-07 23:00 - Updated: 2026-01-07 23:00

Summary

GitLab CE und EE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

GitLab ist eine Webanwendung zur Versionsverwaltung für Softwareprojekte auf Basis von git.

Angriff

Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Sonstiges - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GitLab ist eine Webanwendung zur Versionsverwaltung f\u00fcr Softwareprojekte auf Basis von git.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer  Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0037 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0037.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0037 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0037"
      },
      {
        "category": "external",
        "summary": "GitLab Patch Release vom 2026-01-07",
        "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
      }
    ],
    "source_lang": "en-US",
    "title": "GitLab CE und EE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-07T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-08T08:50:25.436+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0037",
      "initial_release_date": "2026-01-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c18.7.1",
                "product": {
                  "name": "Open Source GitLab \u003c18.7.1",
                  "product_id": "T049757"
                }
              },
              {
                "category": "product_version",
                "name": "18.7.1",
                "product": {
                  "name": "Open Source GitLab 18.7.1",
                  "product_id": "T049757-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:18.7.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.6.3",
                "product": {
                  "name": "Open Source GitLab \u003c18.6.3",
                  "product_id": "T049758"
                }
              },
              {
                "category": "product_version",
                "name": "18.6.3",
                "product": {
                  "name": "Open Source GitLab 18.6.3",
                  "product_id": "T049758-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:18.6.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.5.5",
                "product": {
                  "name": "Open Source GitLab \u003c18.5.5",
                  "product_id": "T049759"
                }
              },
              {
                "category": "product_version",
                "name": "18.5.5",
                "product": {
                  "name": "Open Source GitLab 18.5.5",
                  "product_id": "T049759-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:18.5.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GitLab"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-10569",
      "product_status": {
        "known_affected": [
          "T049759",
          "T049758",
          "T049757"
        ]
      },
      "release_date": "2026-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-10569"
    },
    {
      "cve": "CVE-2025-11246",
      "product_status": {
        "known_affected": [
          "T049759",
          "T049758",
          "T049757"
        ]
      },
      "release_date": "2026-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-11246"
    },
    {
      "cve": "CVE-2025-13761",
      "product_status": {
        "known_affected": [
          "T049759",
          "T049758",
          "T049757"
        ]
      },
      "release_date": "2026-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-13761"
    },
    {
      "cve": "CVE-2025-13772",
      "product_status": {
        "known_affected": [
          "T049759",
          "T049758",
          "T049757"
        ]
      },
      "release_date": "2026-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-13772"
    },
    {
      "cve": "CVE-2025-13781",
      "product_status": {
        "known_affected": [
          "T049759",
          "T049758",
          "T049757"
        ]
      },
      "release_date": "2026-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-13781"
    },
    {
      "cve": "CVE-2025-3950",
      "product_status": {
        "known_affected": [
          "T049759",
          "T049758",
          "T049757"
        ]
      },
      "release_date": "2026-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-3950"
    },
    {
      "cve": "CVE-2025-9222",
      "product_status": {
        "known_affected": [
          "T049759",
          "T049758",
          "T049757"
        ]
      },
      "release_date": "2026-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-9222"
    }
  ]
}

FKIE_CVE-2025-13772

Vulnerability from fkie_nvd - Published: 2026-01-09 10:15 - Updated: 2026-01-09 10:15

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Summary

References

	URL	Tags
	cve@gitlab.com	https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/
	cve@gitlab.com	https://gitlab.com/gitlab-org/gitlab/-/issues/581268

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests."
    }
  ],
  "id": "CVE-2025-13772",
  "lastModified": "2026-01-09T10:15:45.450",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "cve@gitlab.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-09T10:15:45.450",
  "references": [
    {
      "source": "cve@gitlab.com",
      "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
    },
    {
      "source": "cve@gitlab.com",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/581268"
    }
  ],
  "sourceIdentifier": "cve@gitlab.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cve@gitlab.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-13772 (GCVE-0-2025-13772)

GHSA-JXX7-C7V6-WH2P

CERTFR-2026-AVI-0014

Solutions

NCSC-2026-0003

WID-SEC-W-2026-0037

FKIE_CVE-2025-13772

Tags

Sightings

Nomenclature