PT-2025-33041 · Gitlab · Gitlab Ce/Ee

Published

2025-08-13

Updated

2025-08-18

CVE-2024-12303

CVSS v2.0

8.7

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions:

GitLab CE/EE versions 17.7 through 18.0.5

GitLab CE/EE versions 18.1 through 18.1.3

GitLab CE/EE versions 18.2 through 18.2.1

Description:

The issue allows authenticated users with specific roles and permissions to delete issues, including confidential ones, by inviting users with a specific role under certain conditions.

Recommendations:

Update GitLab CE/EE to version 18.0.6 or later.

Update GitLab CE/EE to version 18.1.4 or later.

Update GitLab CE/EE to version 18.2.2 or later.

Exploit

Fix

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266

Related Identifiers

BDU:2025-10986

BIT-GITLAB-2024-12303

CVE-2024-12303

Affected Products

Gitlab Ce/Ee

PT-2025-33041 · Gitlab · Gitlab Ce/Ee

Weakness Enumeration

Related Identifiers

Affected Products

References · 12