{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2045", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-03-06T13:02:55.315Z", "datePublished": "2025-03-06T13:04:16.661Z", "dateUpdated": "2025-03-06T16:07:19.120Z"}, "containers": {"cna": {"title": "Incorrect Authorization in GitLab", "descriptions": [{"lang": "en", "value": "Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://[email protected]:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "17.7.0", "status": "affected", "lessThan": "17.7.6", "versionType": "semver"}, {"version": "17.8", "status": "affected", "lessThan": "17.8.4", "versionType": "semver"}, {"version": "17.9", "status": "affected", "lessThan": "17.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512050", "name": "GitLab Issue #512050", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2921111", "name": "HackerOne Bug Bounty Report #2921111", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 17.7.6, 17.8.4 or 17.9.1"}], "credits": [{"lang": "en", "value": "Thanks [weasterhacker](https://hackerone.com/weasterhacker) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-03-06T13:04:16.661Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-06T16:07:06.235439Z", "id": "CVE-2025-2045", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T16:07:19.120Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2045", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-06T16:07:06.235439Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T16:07:14.841Z"}}], "cna": {"title": "Incorrect Authorization in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [weasterhacker](https://hackerone.com/weasterhacker) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://[email protected]:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "17.7.0", "lessThan": "17.7.6", "versionType": "semver"}, {"status": "affected", "version": "17.8", "lessThan": "17.8.4", "versionType": "semver"}, {"status": "affected", "version": "17.9", "lessThan": "17.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 17.7.6, 17.8.4 or 17.9.1"}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512050", "name": "GitLab Issue #512050", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/2921111", "name": "HackerOne Bug Bounty Report #2921111", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-03-06T13:04:16.661Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2045", "state": "PUBLISHED", "dateUpdated": "2025-03-06T16:07:19.120Z", "dateReserved": "2025-03-06T13:02:55.315Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-03-06T13:04:16.661Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8E917B5A-660A-496F-A300-7870ABBDDA24", "versionEndExcluding": "17.7.6", "versionStartIncluding": "17.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BBA524F8-D246-4E22-AD19-D5A7A73BAFDB", "versionEndExcluding": "17.8.4", "versionStartIncluding": "17.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.9.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "520D3C67-BAA9-49B0-8613-7DC0127499D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data."}, {"lang": "es", "value": "La autorizaci\u00f3n incorrecta en GitLab EE que afecta a todas las versiones desde la 17.7 anterior a la 17.7.6, la 17.8 anterior a la 17.8.4 y la 17.9 anterior a la 17.9.1 permite a los usuarios con permisos limitados acceder a datos de an\u00e1lisis de proyectos potencialmente confidenciales."}], "id": "CVE-2025-2045", "lastModified": "2025-08-06T18:33:48.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-03-06T13:15:12.553", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512050"}, {"source": "[email protected]", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2921111"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "[email protected]", "type": "Primary"}]}

{}