← volver
CVE-2025-8770

Authorization Bypass Through User-Controlled Key in GitLab

CVSS 6.5 MEDIUMEPSS 0.3%CWE-639
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 ago 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Productos afectados
GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gitlab.com/gitlab-org/gitlab/-/issues/549105