CVE-2025-8770

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-8770

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8770.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-8770

Aliases

BIT-gitlab-2025-8770

Downstream

UBUNTU-CVE-2025-8770

Published

2025-08-13T18:15:33Z

Modified

2025-08-18T08:59:39.295394Z

Summary

[none]

Details

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/549105

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

504fd9e5236e13d674e051c6b8a1e9892b371c58

Fixed

85327bfea0841b1eda70dc49b76918681510f967

Affected versions

v18.*

v18.0.0-ee

v18.0.1-ee

v18.0.2-ee

v18.0.3-ee

v18.0.4-ee

v18.0.5-ee