GitLab EE/CE User Activity Tracking Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability exists in GitLab EE/CE versions 16.6 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1, that could enable an attacker to monitor users' browsing activities. This tracking could potentially result in a complete account takeover.

Impact

Exploitation of this vulnerability could lead to unauthorized tracking of user activities and, subsequently, a full account takeover.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

3.1

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

3.1

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab EE/CE User Activity Tracking Vulnerability Allowing Account Takeover

Vulnerability

Impact

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating