PT-2025-9085 · Gitlab · Gitlab
Published: 2025-02-26 · Updated: 2025-07-11 · CVE-2024-10925
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
GitLab-EE versions 16.2 through 17.7.5
GitLab-EE versions 17.8 through 17.8.3
GitLab-EE versions 17.9 through 17.9.0
Description
A vulnerability in GitLab-EE allows a Guest user to read Security policy YAML.
Recommendations
For GitLab-EE versions 16.2 through 17.7.5, update to version 17.7.6 or later.
For GitLab-EE versions 17.8 through 17.8.3, update to version 17.8.4 or later.
For GitLab-EE versions 17.9 through 17.9.0, update to version 17.9.1 or later.
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab