GitLab CE/EE Repository Import Vulnerability Allowing Malicious Code Distribution

Vulnerability

A vulnerability exists in GitLab CE/EE in all versions prior to 18.1.5, 18.2 prior to 18.2.5, and 18.3 prior to 18.3.1. Under certain conditions, this vulnerability could have allowed an authenticated attacker to inject malicious code that appears benign in the web interface. This was possible by exploiting the confusion between branches and tags during repository imports.
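The advisory does not describe the exact import path that was abused, so as an added defensive check (not GitLab's own code), the following script audits a repository for the general precondition of branch/tag confusion: a name that exists as both `refs/heads/<name>` and `refs/tags/<name>`, especially where the two resolve to different commits. The `git show-ref` output is a constructed sample; `audit_repo` assumes a local `git` binary on PATH.

```python
import subprocess
from collections import defaultdict

# Constructed sample in the format printed by `git show-ref` ("<sha> <full ref>").
# "release" exists as a branch and a tag pointing at different commits; "main"
# exists as both but they agree. Only the diverging case hides a different tree
# behind the same short name.
SAMPLE_SHOW_REF = """\
1111111111111111111111111111111111111111 refs/heads/main
2222222222222222222222222222222222222222 refs/heads/release
3333333333333333333333333333333333333333 refs/tags/v1.0
4444444444444444444444444444444444444444 refs/tags/release
1111111111111111111111111111111111111111 refs/tags/main
"""

def parse_show_ref(text):
    """Map short ref name -> {"heads": sha, "tags": sha} from `git show-ref` output."""
    refs = defaultdict(dict)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        sha, ref = parts
        for kind in ("heads", "tags"):
            prefix = f"refs/{kind}/"
            if ref.startswith(prefix):
                refs[ref[len(prefix):]][kind] = sha
    return refs

def ambiguous_refs(text):
    """Names present as both branch and tag, flagged when they resolve differently."""
    result = {}
    for name, kinds in sorted(parse_show_ref(text).items()):
        if "heads" in kinds and "tags" in kinds:
            result[name] = {"branch": kinds["heads"], "tag": kinds["tags"],
                            "diverged": kinds["heads"] != kinds["tags"]}
    return result

def audit_repo(path="."):
    """Run `git show-ref` in a local checkout (assumes git on PATH) and audit it."""
    out = subprocess.run(["git", "show-ref"], cwd=path, capture_output=True,
                         text=True, check=True).stdout
    return ambiguous_refs(out)

if __name__ == "__main__":
    for name, info in ambiguous_refs(SAMPLE_SHOW_REF).items():
        print(f"{name}: branch {info['branch'][:7]} tag {info['tag'][:7]} "
              f"diverged={info['diverged']}")
```

Run `audit_repo` against a freshly imported repository (or the source before import) and review any name reported with `diverged=True`.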

Impact

Exploitation of this vulnerability could lead to the unauthorized distribution of malicious code within the web interface, creating a risk of code execution or other harmful effects, depending on the nature of the injected code.

Remediation

Users are advised to upgrade to GitLab CE/EE versions 18.1.5, 18.2.5, or 18.3.1.

Added: Aug 27, 2025, 8:17 PM
Updated: Aug 27, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.