GitLab CE/EE Resource Group Information Exposure Vulnerability

Vulnerability

A vulnerability exists in GitLab CE/EE affecting versions from 15.0 prior to 18.0.5, from 18.1 prior to 18.1.3, and from 18.2 prior to 18.2.1. This issue could have allowed privileged users to access certain resource group information through the API that should have been restricted.
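To triage an inventory against the affected ranges above, the following added example (not part of the original advisory or GitLab's own tooling) maps each instance's reported version to the first fixed release. The hostnames, sample versions and function names are constructed for illustration, and edition or build suffixes such as `-ee` are assumed not to change the patch level.

```python
import re

# Affected ranges as stated on this page: (first affected, first fixed).
AFFECTED_RANGES = [
    ((15, 0, 0), (18, 0, 5)),
    ((18, 1, 0), (18, 1, 3)),
    ((18, 2, 0), (18, 2, 1)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(raw):
    """Return (major, minor, patch) from strings such as '18.1.2-ee'."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    # A missing patch component is treated as 0; any suffix is ignored.
    return tuple(int(part or 0) for part in m.groups())


def fixed_version_for(raw):
    """Return the first fixed release if `raw` is affected, else None."""
    version = parse_version(raw)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def triage(inventory):
    """Map host -> action for affected or unparseable entries only."""
    findings = {}
    for host, raw in inventory.items():
        try:
            target = fixed_version_for(raw)
        except ValueError:
            findings[host] = "unknown version, check manually"
            continue
        if target is not None:
            findings[host] = f"upgrade to {target} or later"
    return findings


# Constructed inventory: hostnames and versions are sample data.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "18.1.2-ee",
    "gitlab-b.example.internal": "18.2.1",
    "gitlab-c.example.internal": "16.11.10",
    "gitlab-d.example.internal": "not-reported",
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

Instances older than 15.0 or already on a fixed release are omitted from the result, so an empty dictionary means nothing in the inventory falls inside the ranges listed here.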

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive resource group information via the API.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.