GitLab EE Insecure Direct Object Reference Vulnerability Allowing Unauthorized Repository Access

Vulnerability

A vulnerability allowing insecure direct object references has been identified in GitLab EE. This issue affects all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. The vulnerability allows an attacker to view repositories without proper authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized access to repositories, allowing attackers to view sensitive information or code that should be restricted.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab EE Insecure Direct Object Reference Vulnerability Allowing Unauthorized Repository Access

Vulnerability

Impact

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating