- Description
- GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.
- Source
- cve@gitlab.com
- NVD status
- Modified
- Products
- gitlab
CVSS 3.1
- Type
- Primary
- Base score
- 6.4
- Impact score
- 5.2
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
- cve@gitlab.com
- CWE-367
- Hype score
- Not currently trending
⚠️Vulnerabilities in GitLab products ❗CVE-2024-9183 ❗CVE-2025-12571 ➡️More info: https://t.co/SOAtLagJ2M https://t.co/qbaD11zUPI
@CERTpy
28 Nov 2025
CVE-2024-9183, -12571, and other: Multiple vulnerabilities in GitLab, 2.4 - 7.7 rating❗️ In a recent advisory, GitLab reports several vulns, including Race Conditions, DoS, and Authentication Bypass. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/Ur1PAZL4BG http
@Netlas_io
27 Nov 2025
Multiple vulnerabilities fixed in GitLab, including CVE-2024-9183 (credential theft / privilege escalation, CVSS score 7.7) and CVE-2025-7449 (DoS, CVSS score 6.5). https://t.co/s0qx7YQhoX
@__kokumoto
27 Nov 2025
Critical GitLab updates (18.6.1/18.5.3) fix severe CI/CD credential theft (CVE-2024-9183) & unauthenticated DoS flaws. Upgrade immediately. #GitLab #DevSecOps #Cybersecurity #SecurityPatch #CVE https://t.co/1JILYpdcgG
@the_yellow_fall
26 Nov 2025
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "DEDB4B48-0099-4637-969F-235A829B2BED",
"versionEndExcluding": "18.4.5",
"versionStartIncluding": "18.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AA760629-3160-48B1-8AB1-1BB422606F99",
"versionEndExcluding": "18.4.5",
"versionStartIncluding": "18.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "A2361C72-A29E-47BB-A3FD-E4D656AF820F",
"versionEndExcluding": "18.5.3",
"versionStartIncluding": "18.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1B00EBAB-22CC-4350-AED2-60C7F78C0A8F",
"versionEndExcluding": "18.5.3",
"versionStartIncluding": "18.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "5A989D8B-F856-41FF-9821-D02D734917B2",
"versionEndExcluding": "18.6.1",
"versionStartIncluding": "18.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1CEE76F2-C907-49F8-947D-A00385AD4193",
"versionEndExcluding": "18.6.1",
"versionStartIncluding": "18.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]