CVE-2025-2246

Summary

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab0 < 18.1.5affected
GitLabGitLab18.2 < 18.2.5affected
GitLabGitLab18.3 < 18.3.1affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References