CVE-2025-0362

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-0362

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0362.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-0362

Aliases

BIT-gitlab-2025-0362

Published

2025-04-10T15:16:02Z

Modified

2025-04-12T08:42:10.884595Z

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/512425
https://hackerone.com/reports/2926425

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

64474662409a4759b9a905a905db23c2d609ce31

Fixed

ffdf832af0a7b3bf4eb1a6d4d4fe4cd67f902e1f