PT-2026-1797 · Gitlab · Gitlab Ce/Ee
Published: 2026-01-07 · Updated: 2026-01-21 · CVE-2025-3950
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 10.3 through 18.5.4
GitLab CE/EE versions 18.6 through 18.6.2
GitLab CE/EE versions 18.7 through 18.7.0
Description
GitLab CE/EE is affected by an issue that could allow a user to leak certain information by referencing specially crafted images that bypass asset proxy protection.
Recommendations
Update GitLab CE/EE to version 18.5.5 or later.
Update GitLab CE/EE to version 18.6.3 or later.
Update GitLab CE/EE to version 18.7.1 or later.
Affected Products
Gitlab Ce/Ee