GitLab Duo AI-Assisted Development Feature Manipulation Vulnerability

Vulnerability

A vulnerability exists in GitLab Duo with Amazon Q, affecting all versions from 17.8 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1. This vulnerability allows a crafted issue to manipulate AI-assisted development features, potentially exposing sensitive project data to unauthorized users.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive project data.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.0

GitLab Duo AI-Assisted Development Feature Manipulation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating