CVE-2025-13978

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.5 through 18.4.5 GitLab CE/EE versions 18.5 through 18.5.3 GitLab CE/EE versions 18.6 through 18.6.1

Description An authenticated user could potentially discover the names of private projects they do not have access to through API requests. The issue affects GitLab CE/EE.

Recommendations Update GitLab CE/EE to version 18.4.6 or later. Update GitLab CE/EE to version 18.5.4 or later. Update GitLab CE/EE to version 18.6.2 or later.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

BDU:2025-15849

BIT-GITLAB-2025-13978

CVE-2025-13978

ECHO-8E5F-DC7C-1B92

Affected Products

Gitlab Ce/Ee

CVE-2025-13978

Weakness Enumeration

Related Identifiers

Affected Products

References · 13