CVE-2025-5195

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5195

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5195.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5195

Aliases

BIT-gitlab-2025-5195

Related

UBUNTU-CVE-2025-5195

Published

2025-06-12T11:15:19Z

Modified

2025-06-14T06:28:42.925631Z

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/534960

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

f5041566b342c2f30a8d63b8117272c454e18410

Fixed

f0dceea5a8da8be1e1ba3cd326488dc7ff2937b7