BIT-gitlab-2025-11865
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2025-11865.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-gitlab-2025-11865
- Aliases
- Published
- 2025-11-20T09:03:10.744Z
- Modified
- 2025-11-20T13:27:54.614250Z
- Summary
- Incorrect Authorization in GitLab
- Details
-
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.
- Database specific
{ "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / gitlab
Package
- Name
- gitlab
- Purl
- pkg:bitnami/gitlab
Severity
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator