PT-2025-33058 · Gitlab · Gitlab Ce/Ee
Published: 2025-08-08 · Updated: 2025-08-18 · CVE-2025-8770
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions:
GitLab EE versions prior to 18.0.6
GitLab EE versions prior to 18.1.4
GitLab EE versions prior to 18.2.2
Description:
An issue exists in GitLab EE that allows authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.
Recommendations:
Update to GitLab EE version 18.0.6 or later.
Update to GitLab EE version 18.1.4 or later.
Update to GitLab EE version 18.2.2 or later.
Exploit
Fix
IDOR
Affected Products
Gitlab Ce/Ee