CVE-2025-5982 - Vulnerability Details - OpenCVE

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/514456

History

Tue, 12 Aug 2025 13:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00017}`	epss `{'score': 0.00018}`

Thu, 12 Jun 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Jun 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
Title		Insufficient Granularity of Access Control in GitLab
First Time appeared		Gitlab Gitlab gitlab
Weaknesses		CWE-1220
CPEs		cpe:2.3:a:gitlab:gitlab::::::::
Vendors & Products		Gitlab Gitlab gitlab
References		https://gitlab.com/gitlab-org/gitlab/-/issues/514456
Metrics		cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2025-06-12T16:27:56.700Z

Updated: 2025-06-12T17:29:27.471Z

Reserved: 2025-06-10T14:05:31.817Z

Link: CVE-2025-5982

Vulnrichment

Updated: 2025-06-12T17:29:22.228Z

NVD

Status : Analyzed

Published: 2025-06-12T17:15:29.440

Modified: 2025-08-12T13:07:39.247

Link: CVE-2025-5982

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5982", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-06-10T14:05:31.817Z", "datePublished": "2025-06-12T16:27:56.700Z", "dateUpdated": "2025-06-12T17:29:27.471Z"}, "containers": {"cna": {"title": "Insufficient Granularity of Access Control in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "12.0", "status": "affected", "lessThan": "17.10.8", "versionType": "semver"}, {"version": "17.11", "status": "affected", "lessThan": "17.11.4", "versionType": "semver"}, {"version": "18.0", "status": "affected", "lessThan": "18.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1220: Insufficient Granularity of Access Control", "cweId": "CWE-1220", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514456", "name": "GitLab Issue #514456", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 17.10.8, 17.11.4, 18.0.2 or above."}], "credits": [{"lang": "en", "value": "This vulnerability has been discovered internally by GitLab team member [@joernchen](https://gitlab.com/joernchen)", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-06-12T16:27:56.700Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-12T17:27:31.493512Z", "id": "CVE-2025-5982", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-12T17:29:27.471Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5982", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-12T17:27:31.493512Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-12T17:29:22.228Z"}}], "cna": {"title": "Insufficient Granularity of Access Control in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability has been discovered internally by GitLab team member [@joernchen](https://gitlab.com/joernchen)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "12.0", "lessThan": "17.10.8", "versionType": "semver"}, {"status": "affected", "version": "17.11", "lessThan": "17.11.4", "versionType": "semver"}, {"status": "affected", "version": "18.0", "lessThan": "18.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 17.10.8, 17.11.4, 18.0.2 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514456", "name": "GitLab Issue #514456", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1220", "description": "CWE-1220: Insufficient Granularity of Access Control"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-06-12T16:27:56.700Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5982", "state": "PUBLISHED", "dateUpdated": "2025-06-12T17:29:27.471Z", "dateReserved": "2025-06-10T14:05:31.817Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-06-12T16:27:56.700Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "52E2D1AE-40F8-456D-80B4-46CCF7FC6A3B", "versionEndExcluding": "17.10.8", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CEAA838C-7B3C-45AF-9D3D-BD5DE41E57BC", "versionEndExcluding": "17.11.4", "versionStartIncluding": "17.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6224AE70-D146-4A3B-BD4E-2853891F24FA", "versionEndExcluding": "18.0.2", "versionStartIncluding": "18.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information."}, {"lang": "es", "value": "Se ha detectado un problema en GitLab EE que afecta a todas las versiones, desde la 12.0 hasta la 17.10.8, la 17.11 hasta la 17.11.4 y la 18.0 hasta la 18.0.2. En determinadas circunstancias, los usuarios pod\u00edan eludir las restricciones de acceso IP y acceder a informaci\u00f3n confidencial."}], "id": "CVE-2025-5982", "lastModified": "2025-08-12T13:07:39.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-12T17:15:29.440", "references": [{"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514456"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "cve@gitlab.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}